|
4AE8000
|
trusted library allocation
|
page read and write
|
 |
|
|
| Name: |
00000000.00000002.899909461.0000000004AE8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4AE8000
|
| Size: |
823296
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3061000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003061000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3061000
|
| Size: |
319488
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2C51000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002C51000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C51000
|
| Size: |
319488
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3EF9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.932805273.0000000003EF9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3EF9000
|
| Size: |
823296
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
428000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3334047307.0000000000428000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
428000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6830000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3349774186.0000000006830000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6830000
|
| Size: |
65536
|
|
|
1883000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898560004.0000000001883000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1883000
|
| Size: |
28672
|
|
|
579E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934593509.000000000579E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
579E000
|
| Size: |
8192
|
|
|
C37F37B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810513348.000000C37F37B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C37F37B000
|
| Size: |
20480
|
|
|
C30057E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.2810385596.000000C30057E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C30057E000
|
| Size: |
4096
|
|
|
CF7000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3335061686.0000000000CF7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CF7000
|
| Size: |
36864
|
|
|
5330000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347739096.0000000005330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5330000
|
| Size: |
4096
|
|
|
2F97000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002F97000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F97000
|
| Size: |
4096
|
|
|
1220000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3338352308.0000000001220000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1220000
|
| Size: |
65536
|
|
|
30D1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000030D1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30D1000
|
| Size: |
8192
|
|
|
1D026A74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1203615654.000001D026A74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026A74000
|
| Size: |
4096
|
|
|
4FEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934230117.0000000004FEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FEE000
|
| Size: |
8192
|
|
|
14E3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897967596.00000000014E3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E3000
|
| Size: |
8192
|
|
|
BA6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903610842.000000000BA6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BA6E000
|
| Size: |
8192
|
|
|
59DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347892777.00000000059DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59DE000
|
| Size: |
8192
|
|
|
C37EF7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810480602.000000C37EF7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C37EF7E000
|
| Size: |
8192
|
|
|
121C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338276567.000000000121C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
121C000
|
| Size: |
16384
|
|
|
1530000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898311100.0000000001530000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1530000
|
| Size: |
16384
|
|
|
B82D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903557475.000000000B82D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B82D000
|
| Size: |
12288
|
|
|
2E2B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.908213349.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E2B000
|
| Size: |
90112
|
|
|
4089000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004089000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4089000
|
| Size: |
176128
|
|
|
30FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000030FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30FF000
|
| Size: |
4096
|
|
|
65DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3348096038.00000000065DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
65DE000
|
| Size: |
8192
|
|
|
5130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347343397.0000000005130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5130000
|
| Size: |
4096
|
|
|
1D026A30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1223599593.000001D026A30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026A30000
|
| Size: |
4096
|
|
|
4136000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004136000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4136000
|
| Size: |
4096
|
|
|
55C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347482174.00000000055C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55C4000
|
| Size: |
4096
|
|
|
5830000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347792406.0000000005830000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5830000
|
| Size: |
65536
|
|
|
32DC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000032DC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32DC000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
3E2F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003E2F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E2F000
|
| Size: |
16384
|
|
|
1D026B30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2808295822.000001D026B30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026B30000
|
| Size: |
4096
|
|
|
7960000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902684964.0000000007960000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7960000
|
| Size: |
557056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
3360000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.876198593.0000000003360000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3360000
|
| Size: |
4096
|
|
|
2E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.908198153.0000000002E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E00000
|
| Size: |
4096
|
|
|
43C000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3334047307.000000000043C000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43C000
|
| Size: |
4096
|
|
|
6453000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902180337.0000000006453000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6453000
|
| Size: |
12288
|
|
|
703B6000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.903935072.00000000703B6000.00000002.00000001.01000000.0000000B.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
703B6000
|
| Size: |
28672
|
|
|
C300479000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810370587.000000C300479000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C300479000
|
| Size: |
28672
|
|
|
4B90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.933944152.0000000004B90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B90000
|
| Size: |
65536
|
|
|
2F6D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002F6D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F6D000
|
| Size: |
94208
|
|
|
2F05000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002F05000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F05000
|
| Size: |
4096
|
|
|
662E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902442116.000000000662E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
662E000
|
| Size: |
8192
|
|
|
1D026A30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1203462152.000001D026A30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026A30000
|
| Size: |
360448
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3335249440.0000000000D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D9E000
|
| Size: |
8192
|
|
|
2BEE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.908151637.0000000002BEE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2BEE000
|
| Size: |
8192
|
|
|
40F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.00000000040F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
40F1000
|
| Size: |
4096
|
|
|
5C95000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901959801.0000000005C95000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C95000
|
| Size: |
40960
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3334047307.0000000000402000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
402000
|
| Size: |
114688
|
|
|
1371000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338630160.0000000001371000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1371000
|
| Size: |
16384
|
|
|
2F5C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002F5C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F5C000
|
| Size: |
8192
|
|
|
1D026C1B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810976546.000001D026C1B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026C1B000
|
| Size: |
49152
|
|
|
770000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929127282.0000000000770000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
770000
|
| Size: |
36864
|
|
|
1D022000000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810059201.000001D022000000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D022000000
|
| Size: |
4096
|
|
|
6B60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3350108617.0000000006B60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B60000
|
| Size: |
32768
|
|
|
1D0216B6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810257070.000001D0216B6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0216B6000
|
| Size: |
20480
|
|
|
1D021E02000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810930996.000001D021E02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021E02000
|
| Size: |
4096
|
|
|
10F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3335083936.00000000010F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10F7000
|
| Size: |
36864
|
|
|
1D02165C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810708948.000001D02165C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D02165C000
|
| Size: |
57344
|
|
|
170F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898361465.000000000170F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
170F000
|
| Size: |
4096
|
|
|
2D08000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002D08000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D08000
|
| Size: |
4096
|
|
|
188D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.898580362.000000000188D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
188D000
|
| Size: |
4096
|
|
|
F33000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3335889425.0000000000F33000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F33000
|
| Size: |
4096
|
|
|
7A6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929127282.00000000007A6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A6000
|
| Size: |
32768
|
|
|
135B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338630160.000000000135B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
135B000
|
| Size: |
8192
|
|
|
65E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3348130256.00000000065E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
65E0000
|
| Size: |
352256
|
|
|
30D6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000030D6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30D6000
|
| Size: |
4096
|
|
|
AC5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936049754.000000000AC5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AC5E000
|
| Size: |
8192
|
|
|
3E02000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003E02000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E02000
|
| Size: |
4096
|
|
|
1364000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3336932167.0000000001364000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1364000
|
| Size: |
4096
|
|
|
1033000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3336818910.0000000001033000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1033000
|
| Size: |
4096
|
|
|
2783000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930673276.0000000002783000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2783000
|
| Size: |
4096
|
|
|
123A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897855034.000000000123A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
123A000
|
| Size: |
24576
|
|
|
3CF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003CF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CF6000
|
| Size: |
16384
|
|
|
55BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347445744.00000000055BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55BE000
|
| Size: |
8192
|
|
|
58B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.935064044.00000000058B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
58B0000
|
| Size: |
65536
|
|
|
310B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.000000000310B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
310B000
|
| Size: |
4096
|
|
|
2EBC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EBC000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
4161000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004161000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4161000
|
| Size: |
8192
|
|
|
3B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.928962091.00000000003B0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3B0000
|
| Size: |
4096
|
|
|
DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3335497337.0000000000DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DE0000
|
| Size: |
16384
|
|
|
1D021E15000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810960223.000001D021E15000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021E15000
|
| Size: |
4096
|
|
|
AB7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.929990842.0000000000AB7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AB7000
|
| Size: |
4096
|
|
|
695E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3348942918.000000000695E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
695E000
|
| Size: |
8192
|
|
|
1D026B00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809816254.000001D026B00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026B00000
|
| Size: |
4096
|
|
|
17D1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338997443.00000000017D1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17D1000
|
| Size: |
16384
|
|
|
2691000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930673276.0000000002691000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2691000
|
| Size: |
286720
|
|
|
189A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.898655804.000000000189A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
189A000
|
| Size: |
4096
|
|
|
426000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3334047307.0000000000426000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
426000
|
| Size: |
4096
|
|
|
5C70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901927505.0000000005C70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C70000
|
| Size: |
65536
|
|
|
40C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.00000000040C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
40C9000
|
| Size: |
4096
|
|
|
302E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340183291.000000000302E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
302E000
|
| Size: |
8192
|
|
|
798000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929127282.0000000000798000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
798000
|
| Size: |
53248
|
|
|
2DD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002DD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD8000
|
| Size: |
4096
|
|
|
41F000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3334047307.000000000041F000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
41F000
|
| Size: |
4096
|
|
|
5134000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347343397.0000000005134000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5134000
|
| Size: |
4096
|
|
|
1D026B10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809833472.000001D026B10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026B10000
|
| Size: |
8192
|
|
|
3E60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003E60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E60000
|
| Size: |
4096
|
|
|
C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930147080.0000000000C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C4E000
|
| Size: |
8192
|
|
|
73E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929081963.000000000073E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
73E000
|
| Size: |
8192
|
|
|
78E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.902625579.00000000078E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
78E0000
|
| Size: |
53248
|
|
|
C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930128131.0000000000C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C0E000
|
| Size: |
8192
|
|
|
330F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.000000000330F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
330F000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
1D026CFA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811247673.000001D026CFA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026CFA000
|
| Size: |
12288
|
|
|
1D021676000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810191552.000001D021676000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021676000
|
| Size: |
16384
|
|
|
14C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897967596.00000000014C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C9000
|
| Size: |
45056
|
|
|
1D021550000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810599174.000001D021550000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021550000
|
| Size: |
4096
|
|
|
3266000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003266000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3266000
|
| Size: |
315392
|
|
|
1338000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3336932167.0000000001338000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1338000
|
| Size: |
135168
|
|
|
6980000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3350628126.0000000006980000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6980000
|
| Size: |
8192
|
|
|
2AFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.908072882.0000000002AFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2AFD000
|
| Size: |
12288
|
|
|
CB6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930198897.0000000000CB6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CB6000
|
| Size: |
16384
|
|
|
3F04000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003F04000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F04000
|
| Size: |
4096
|
|
|
4289000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.899909461.0000000004289000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4289000
|
| Size: |
4096
|
|
|
2794000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930673276.0000000002794000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2794000
|
| Size: |
4182016
|
|
|
58A5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.900771408.00000000058A5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58A5000
|
| Size: |
45056
|
|
|
326D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.876132127.000000000326D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
326D000
|
| Size: |
12288
|
|
|
3699000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.932805273.0000000003699000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3699000
|
| Size: |
4096
|
|
|
1D021450000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810569822.000001D021450000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021450000
|
| Size: |
12288
|
|
|
C1D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903850266.000000000C1D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C1D0000
|
| Size: |
4096
|
|
|
1D026C5F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811085920.000001D026C5F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026C5F000
|
| Size: |
139264
|
|
|
174E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898378124.000000000174E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
174E000
|
| Size: |
8192
|
|
|
435E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.000000000435E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
435E000
|
| Size: |
4096
|
|
|
B96D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903591794.000000000B96D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B96D000
|
| Size: |
12288
|
|
|
AD9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936087681.000000000AD9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AD9E000
|
| Size: |
8192
|
|
|
1D026C00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810976546.000001D026C00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026C00000
|
| Size: |
94208
|
|
|
3214000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003214000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3214000
|
| Size: |
4096
|
|
|
1D021641000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810690879.000001D021641000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021641000
|
| Size: |
106496
|
|
|
2F0B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002F0B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F0B000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
64EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3348727625.00000000064EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
64EE000
|
| Size: |
8192
|
|
|
5881000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.900525010.0000000005881000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5881000
|
| Size: |
16384
|
|
|
CC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930198897.0000000000CC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CC2000
|
| Size: |
49152
|
|
|
AA1D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.935949370.000000000AA1D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AA1D000
|
| Size: |
12288
|
|
|
2D5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002D5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D5A000
|
| Size: |
442368
|
|
|
34AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.876228067.00000000034AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34AA000
|
| Size: |
69632
|
|
|
4B20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.933674915.0000000004B20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B20000
|
| Size: |
4096
|
|
|
9EA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3334974921.00000000009EA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9EA000
|
| Size: |
24576
|
|
|
F4D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3336232649.0000000000F4D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F4D000
|
| Size: |
4096
|
|
|
5886000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.900525010.0000000005886000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5886000
|
| Size: |
16384
|
|
|
1D026A70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1203615654.000001D026A70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026A70000
|
| Size: |
4096
|
|
|
1D021F13000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810157112.000001D021F13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021F13000
|
| Size: |
28672
|
|
|
1D026C58000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811045275.000001D026C58000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026C58000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
AAA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.929953511.0000000000AAA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AAA000
|
| Size: |
4096
|
|
|
336C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.000000000336C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
336C000
|
| Size: |
8192
|
|
|
2EDA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002EDA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EDA000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
5940000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.901665732.0000000005940000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5940000
|
| Size: |
65536
|
|
|
1D021717000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810903076.000001D021717000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021717000
|
| Size: |
8192
|
|
|
1D026A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809094495.000001D026A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026A20000
|
| Size: |
4096
|
|
|
5950000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901704358.0000000005950000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5950000
|
| Size: |
4096
|
|
|
D50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3335170607.0000000000D50000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D50000
|
| Size: |
4096
|
|
|
C37F47E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.2810527952.000000C37F47E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C37F47E000
|
| Size: |
4096
|
|
|
BF7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903761140.000000000BF7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BF7C000
|
| Size: |
16384
|
|
|
3F32000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003F32000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F32000
|
| Size: |
12288
|
|
|
311B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.000000000311B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
311B000
|
| Size: |
4096
|
|
|
4B30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.933704843.0000000004B30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B30000
|
| Size: |
4096
|
|
|
1D0280A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2807850734.000001D0280A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D0280A0000
|
| Size: |
4096
|
|
|
C90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930198897.0000000000C90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C90000
|
| Size: |
32768
|
|
|
66AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3348808410.00000000066AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
66AE000
|
| Size: |
8192
|
|
|
B35E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936250863.000000000B35E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B35E000
|
| Size: |
8192
|
|
|
2C3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339707300.0000000002C3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C3F000
|
| Size: |
4096
|
|
|
12D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3335725306.00000000012D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12D0000
|
| Size: |
8192
|
|
|
4126000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004126000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4126000
|
| Size: |
8192
|
|
|
B0DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936159482.000000000B0DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0DF000
|
| Size: |
4096
|
|
|
679E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3348852347.000000000679E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
679E000
|
| Size: |
8192
|
|
|
703BF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.903972491.00000000703BF000.00000002.00000001.01000000.0000000B.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
703BF000
|
| Size: |
12288
|
|
|
68A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3349966487.00000000068A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
68A0000
|
| Size: |
4096
|
|
|
4B60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.933840874.0000000004B60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B60000
|
| Size: |
36864
|
|
|
12ED000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3336112508.00000000012ED000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12ED000
|
| Size: |
4096
|
|
|
A80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929730582.0000000000A80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A80000
|
| Size: |
8192
|
|
|
814000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929127282.0000000000814000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
814000
|
| Size: |
4096
|
|
|
43DB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.00000000043DB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43DB000
|
| Size: |
8192
|
|
|
D05000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930465049.0000000000D05000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D05000
|
| Size: |
45056
|
|
|
57A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934616403.00000000057A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57A0000
|
| Size: |
4096
|
|
|
63A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347927918.00000000063A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
63A2000
|
| Size: |
73728
|
|
|
1290000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3335642461.0000000001290000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1290000
|
| Size: |
4096
|
|
|
58C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901452897.00000000058C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
58C3000
|
| Size: |
8192
|
|
|
1D026C82000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811085920.000001D026C82000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026C82000
|
| Size: |
4096
|
|
|
57C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934616403.00000000057C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57C1000
|
| Size: |
8192
|
|
|
F80000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3336818910.0000000000F80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F80000
|
| Size: |
28672
|
|
|
361E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.876298749.000000000361E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
361E000
|
| Size: |
8192
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3333951904.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
339F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.000000000339F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
339F000
|
| Size: |
12288
|
|
|
1D0216B6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810806328.000001D0216B6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0216B6000
|
| Size: |
20480
|
|
|
33A7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000033A7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33A7000
|
| Size: |
4096
|
|
|
1610000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338871345.0000000001610000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1610000
|
| Size: |
16384
|
|
|
5860000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.900525010.0000000005860000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5860000
|
| Size: |
12288
|
|
|
2BA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.908128515.0000000002BA0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BA0000
|
| Size: |
4096
|
|
|
2F07000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002F07000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F07000
|
| Size: |
4096
|
|
|
65EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3348764866.00000000065EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
65EE000
|
| Size: |
8192
|
|
|
1018000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3336818910.0000000001018000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1018000
|
| Size: |
106496
|
|
|
1337000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897877991.0000000001337000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1337000
|
| Size: |
36864
|
|
|
40CB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.00000000040CB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
40CB000
|
| Size: |
4096
|
|
|
1880000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898541302.0000000001880000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1880000
|
| Size: |
8192
|
|
|
42EC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.00000000042EC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
42EC000
|
| Size: |
4096
|
|
|
423F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.000000000423F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
423F000
|
| Size: |
16384
|
|
|
3FB4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003FB4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB4000
|
| Size: |
4096
|
|
|
1D026BD0000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1204862217.000001D026BD0000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026BD0000
|
| Size: |
4096
|
|
|
4DED000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347303881.0000000004DED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DED000
|
| Size: |
12288
|
|
|
F3D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3336069371.0000000000F3D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F3D000
|
| Size: |
4096
|
|
|
1D021580000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810613144.000001D021580000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D021580000
|
| Size: |
4096
|
|
|
B7EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903542252.000000000B7EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B7EE000
|
| Size: |
8192
|
|
|
FB7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3336818910.0000000000FB7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FB7000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
1D026A32000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809499764.000001D026A32000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026A32000
|
| Size: |
4096
|
|
|
1D026A31000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1266097894.000001D026A31000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026A31000
|
| Size: |
4096
|
|
|
5068000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347264059.0000000005068000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5068000
|
| Size: |
4096
|
|
|
15EC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338505116.00000000015EC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15EC000
|
| Size: |
16384
|
|
|
3218000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003218000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3218000
|
| Size: |
4096
|
|
|
C37E6DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810432003.000000C37E6DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C37E6DB000
|
| Size: |
20480
|
|
|
19B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898989832.00000000019B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
19B0000
|
| Size: |
32768
|
|
|
57BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934616403.00000000057BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57BB000
|
| Size: |
4096
|
|
|
3EF2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003EF2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3EF2000
|
| Size: |
12288
|
|
|
33A4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000033A4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33A4000
|
| Size: |
8192
|
|
|
5DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902047508.0000000005DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5DE0000
|
| Size: |
4096
|
|
|
1D026C3F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811011551.000001D026C3F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026C3F000
|
| Size: |
49152
|
|
|
2D36000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002D36000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D36000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2E0F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002E0F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E0F000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
56A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347857379.00000000056A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
56A0000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929127282.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
176128
|
|
|
143A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897967596.000000000143A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
143A000
|
| Size: |
8192
|
|
|
A84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929786389.0000000000A84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A84000
|
| Size: |
4096
|
|
|
68E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3350413569.00000000068E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
68E0000
|
| Size: |
40960
|
|
|
4BC8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934049163.0000000004BC8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BC8000
|
| Size: |
32768
|
|
|
33A9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000033A9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33A9000
|
| Size: |
4096
|
|
|
190E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898755284.000000000190E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
190E000
|
| Size: |
8192
|
|
|
4D50000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.934201277.0000000004D50000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
1D026B20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2808414938.000001D026B20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026B20000
|
| Size: |
4096
|
|
|
2DDE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002DDE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DDE000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929002017.00000000003C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C0000
|
| Size: |
8192
|
|
|
1870000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898453540.0000000001870000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1870000
|
| Size: |
8192
|
|
|
1366000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3336932167.0000000001366000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1366000
|
| Size: |
475136
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2F67000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002F67000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F67000
|
| Size: |
12288
|
|
|
A9DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.935918708.000000000A9DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A9DF000
|
| Size: |
4096
|
|
|
442000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3334047307.0000000000442000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
442000
|
| Size: |
12288
|
|
|
17F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3339779976.00000000017F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17F0000
|
| Size: |
49152
|
|
|
18AB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.898723112.00000000018AB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
18AB000
|
| Size: |
4096
|
|
|
AD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930025937.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AD0000
|
| Size: |
4096
|
|
|
BF3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903738078.000000000BF3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BF3F000
|
| Size: |
4096
|
|
|
307E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.908282069.000000000307E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
307E000
|
| Size: |
8192
|
|
|
F65000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3336643872.0000000000F65000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F65000
|
| Size: |
4096
|
|
|
427000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3333951904.0000000000427000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
427000
|
| Size: |
4096
|
|
|
B25D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936229309.000000000B25D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B25D000
|
| Size: |
12288
|
|
|
411B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.000000000411B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
411B000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
143E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897967596.000000000143E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
143E000
|
| Size: |
98304
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
6A70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3349123821.0000000006A70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A70000
|
| Size: |
65536
|
|
|
3A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.928878017.00000000003A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A0000
|
| Size: |
16384
|
|
|
3216000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003216000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3216000
|
| Size: |
4096
|
|
|
CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930373697.0000000000CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CE0000
|
| Size: |
4096
|
|
|
2DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD0000
|
| Size: |
8192
|
|
|
1D026B70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809865238.000001D026B70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026B70000
|
| Size: |
4096
|
|
|
EFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3335639230.0000000000EFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EFE000
|
| Size: |
8192
|
|
|
3CB9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CB9000
|
| Size: |
4096
|
|
|
1300000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3336403312.0000000001300000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1300000
|
| Size: |
4096
|
|
|
128E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3335556854.000000000128E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
128E000
|
| Size: |
8192
|
|
|
2E51000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002E51000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E51000
|
| Size: |
4096
|
|
|
3C79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003C79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C79000
|
| Size: |
176128
|
|
|
1D027000000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810172050.000001D027000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D027000000
|
| Size: |
4096
|
|
|
703A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.903884431.00000000703A0000.00000002.00000001.01000000.0000000B.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
703A0000
|
| Size: |
4096
|
|
|
B49F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936291450.000000000B49F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B49F000
|
| Size: |
4096
|
|
|
AA6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.929931923.0000000000AA6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AA6000
|
| Size: |
8192
|
|
|
B39E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936271931.000000000B39E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B39E000
|
| Size: |
8192
|
|
|
D20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930547443.0000000000D20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D20000
|
| Size: |
32768
|
|
|
4343000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004343000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4343000
|
| Size: |
8192
|
|
|
141B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3337960196.000000000141B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
141B000
|
| Size: |
81920
|
|
|
412F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.000000000412F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
412F000
|
| Size: |
16384
|
|
|
2E14000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002E14000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E14000
|
| Size: |
172032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
14D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897967596.00000000014D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14D7000
|
| Size: |
8192
|
|
|
17D6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338997443.00000000017D6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17D6000
|
| Size: |
16384
|
|
|
586B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.900525010.000000000586B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
586B000
|
| Size: |
69632
|
|
|
5864000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.900525010.0000000005864000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5864000
|
| Size: |
16384
|
|
|
CF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930430059.0000000000CF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CF0000
|
| Size: |
65536
|
|
|
C37F07E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.2810496962.000000C37F07E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C37F07E000
|
| Size: |
4096
|
|
|
5770000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.900387337.0000000005770000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5770000
|
| Size: |
274432
|
|
|
C37EC77000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810448468.000000C37EC77000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C37EC77000
|
| Size: |
36864
|
|
|
11F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3335323716.00000000011F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11F5000
|
| Size: |
12288
|
|
|
186E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898439215.000000000186E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
186E000
|
| Size: |
8192
|
|
|
17BB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338997443.00000000017BB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17BB000
|
| Size: |
8192
|
|
|
4B50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.933787733.0000000004B50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B50000
|
| Size: |
4096
|
|
|
2E55000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002E55000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E55000
|
| Size: |
319488
|
|
|
55DD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347591487.00000000055DD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55DD000
|
| Size: |
12288
|
|
|
3DE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003DE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DE6000
|
| Size: |
12288
|
|
|
1D021F04000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810100293.000001D021F04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021F04000
|
| Size: |
16384
|
|
|
55F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347787511.00000000055F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
55F0000
|
| Size: |
4096
|
|
|
5090000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934441674.0000000005090000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5090000
|
| Size: |
65536
|
|
|
78C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902590486.00000000078C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78C0000
|
| Size: |
65536
|
|
|
32EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000032EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32EE000
|
| Size: |
122880
|
|
|
67B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902518335.00000000067B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67B0000
|
| Size: |
4096
|
|
|
1100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3335167282.0000000001100000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1100000
|
| Size: |
4096
|
|
|
67F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3349439561.00000000067F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
67F0000
|
| Size: |
65536
|
|
|
337D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.000000000337D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
337D000
|
| Size: |
98304
|
|
|
D2A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930547443.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D2A000
|
| Size: |
20480
|
|
|
541C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.900362005.000000000541C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
541C000
|
| Size: |
16384
|
|
|
2BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.908180711.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BF0000
|
| Size: |
16384
|
|
|
F20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3335718094.0000000000F20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F20000
|
| Size: |
8192
|
|
|
2F99000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002F99000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F99000
|
| Size: |
4096
|
|
|
622E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347868370.000000000622E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
622E000
|
| Size: |
8192
|
|
|
4B80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.933898026.0000000004B80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B80000
|
| Size: |
65536
|
|
|
2E09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002E09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E09000
|
| Size: |
4096
|
|
|
1D0280A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2807742910.000001D0280A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D0280A0000
|
| Size: |
4096
|
|
|
30B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000030B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30B0000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2EFF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002EFF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EFF000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
5E70000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.902152293.0000000005E70000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
5E70000
|
| Size: |
61440
|
|
|
12E3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3335917114.00000000012E3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12E3000
|
| Size: |
4096
|
|
|
31E3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000031E3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31E3000
|
| Size: |
4096
|
|
|
AF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930073543.0000000000AF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AF0000
|
| Size: |
65536
|
|
|
1874000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898499489.0000000001874000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1874000
|
| Size: |
4096
|
|
|
1505000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897967596.0000000001505000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1505000
|
| Size: |
172032
|
|
|
B5EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903506167.000000000B5EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B5EF000
|
| Size: |
4096
|
|
|
67C6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3349058879.00000000067C6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67C6000
|
| Size: |
4096
|
|
|
3CBB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003CBB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CBB000
|
| Size: |
4096
|
|
|
5140000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347464959.0000000005140000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5140000
|
| Size: |
65536
|
|
|
310F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.000000000310F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
310F000
|
| Size: |
4096
|
|
|
BCEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903692867.000000000BCEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BCEE000
|
| Size: |
8192
|
|
|
CD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930357207.0000000000CD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
4096
|
|
|
1D026CA3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811085920.000001D026CA3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026CA3000
|
| Size: |
94208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
15F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338609574.00000000015F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
49152
|
|
|
37C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.876326908.00000000037C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
37C0000
|
| Size: |
16384
|
|
|
12FD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3336312307.00000000012FD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12FD000
|
| Size: |
4096
|
|
|
1600000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338729606.0000000001600000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1600000
|
| Size: |
65536
|
|
|
2D10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002D10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D10000
|
| Size: |
57344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5070000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.934386583.0000000005070000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
5070000
|
| Size: |
4096
|
|
|
441000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3333951904.0000000000441000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
441000
|
| Size: |
4096
|
|
|
5050000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934272730.0000000005050000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5050000
|
| Size: |
12288
|
|
|
AE0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.930040494.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AE0000
|
| Size: |
65536
|
|
|
2F55000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002F55000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F55000
|
| Size: |
12288
|
|
|
1D0229A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809549724.000001D0229A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D0229A0000
|
| Size: |
4096
|
|
|
7DE0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.903091635.0000000007DE0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7DE0000
|
| Size: |
65536
|
|
|
1896000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.898638190.0000000001896000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1896000
|
| Size: |
8192
|
|
|
34A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.876228067.00000000034A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34A0000
|
| Size: |
36864
|
|
|
7B1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929127282.00000000007B1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B1000
|
| Size: |
4096
|
|
|
1D026D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811263627.000001D026D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026D04000
|
| Size: |
8192
|
|
|
30C7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000030C7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30C7000
|
| Size: |
12288
|
|
|
1356000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338630160.0000000001356000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1356000
|
| Size: |
8192
|
|
|
1D022580000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809640492.000001D022580000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D022580000
|
| Size: |
4096
|
|
|
3F64000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003F64000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F64000
|
| Size: |
12288
|
|
|
6800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3349569432.0000000006800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6800000
|
| Size: |
4096
|
|
|
4AE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.933589113.0000000004AE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4AE0000
|
| Size: |
65536
|
|
|
1382000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338630160.0000000001382000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1382000
|
| Size: |
49152
|
|
|
5E40000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902089118.0000000005E40000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
5E40000
|
| Size: |
69632
|
|
|
67E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3349358664.00000000067E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67E0000
|
| Size: |
4096
|
|
|
68F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3350472594.00000000068F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
68F0000
|
| Size: |
32768
|
|
|
33A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.928829317.000000000033A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33A000
|
| Size: |
24576
|
|
|
51FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347298978.00000000051FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51FE000
|
| Size: |
8192
|
|
|
5960000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901771130.0000000005960000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5960000
|
| Size: |
36864
|
|
|
11D0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3338222730.00000000011D0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
11D0000
|
| Size: |
4096
|
|
|
3D16000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003D16000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D16000
|
| Size: |
8192
|
|
|
1D026B00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1204189265.000001D026B00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026B00000
|
| Size: |
4096
|
|
|
1D026CC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811171326.000001D026CC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026CC0000
|
| Size: |
57344
|
|
|
4D2C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934133276.0000000004D2C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D2C000
|
| Size: |
16384
|
|
|
C30017D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810336122.000000C30017D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C30017D000
|
| Size: |
12288
|
|
|
3050000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3340236033.0000000003050000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
3050000
|
| Size: |
4096
|
|
|
2D0C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002D0C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D0C000
|
| Size: |
4096
|
|
|
3375000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.899086154.0000000003375000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3375000
|
| Size: |
53248
|
|
|
12E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3335825214.00000000012E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12E0000
|
| Size: |
8192
|
|
|
1D026CBB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811085920.000001D026CBB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026CBB000
|
| Size: |
16384
|
|
|
68A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3349966487.00000000068A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
68A6000
|
| Size: |
4096
|
|
|
43B000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3333951904.000000000043B000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43B000
|
| Size: |
4096
|
|
|
3281000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.899086154.0000000003281000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3281000
|
| Size: |
286720
|
|
|
B6EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903526938.000000000B6EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B6EE000
|
| Size: |
8192
|
|
|
5ADF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347924759.0000000005ADF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5ADF000
|
| Size: |
4096
|
|
|
EF2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.864707064.0000000000EF2000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
EF2000
|
| Size: |
753664
|
|
|
2680000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.930646388.0000000002680000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2680000
|
| Size: |
4096
|
|
|
7DAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903031738.0000000007DAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7DAE000
|
| Size: |
8192
|
|
|
11F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3335323716.00000000011F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11F0000
|
| Size: |
16384
|
|
|
2F94000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002F94000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F94000
|
| Size: |
8192
|
|
|
1D026B80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810041016.000001D026B80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026B80000
|
| Size: |
4096
|
|
|
32CA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.899086154.00000000032CA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32CA000
|
| Size: |
688128
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
AD5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936069487.000000000AD5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AD5E000
|
| Size: |
8192
|
|
|
5060000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934333800.0000000005060000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5060000
|
| Size: |
65536
|
|
|
1980000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.898886106.0000000001980000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1980000
|
| Size: |
65536
|
|
|
2CB8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CB8000
|
| Size: |
12288
|
|
|
675F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3348813113.000000000675F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
675F000
|
| Size: |
4096
|
|
|
2EB7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002EB7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EB7000
|
| Size: |
4096
|
|
|
31ED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000031ED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31ED000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
32E5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000032E5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32E5000
|
| Size: |
4096
|
|
|
335E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.876184020.000000000335E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
335E000
|
| Size: |
8192
|
|
|
50A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934492253.00000000050A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50A0000
|
| Size: |
65536
|
|
|
136E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338630160.000000000136E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
136E000
|
| Size: |
4096
|
|
|
1D0216B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810806328.000001D0216B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0216B2000
|
| Size: |
4096
|
|
|
CBD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930198897.0000000000CBD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CBD000
|
| Size: |
16384
|
|
|
1312000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3336724352.0000000001312000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1312000
|
| Size: |
4096
|
|
|
6A34000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.935162814.0000000006A34000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A34000
|
| Size: |
4096
|
|
|
3D0B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003D0B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D0B000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929127282.00000000007B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B3000
|
| Size: |
286720
|
|
|
2CC7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CC7000
|
| Size: |
4096
|
|
|
1330000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3336932167.0000000001330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1330000
|
| Size: |
28672
|
|
|
67AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3348854640.00000000067AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
67AE000
|
| Size: |
8192
|
|
|
5150000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347540601.0000000005150000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5150000
|
| Size: |
49152
|
|
|
AFDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936137713.000000000AFDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AFDE000
|
| Size: |
8192
|
|
|
13A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897898115.00000000013A0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A0000
|
| Size: |
4096
|
|
|
C9B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930198897.0000000000C9B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C9B000
|
| Size: |
69632
|
|
|
5570000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3347424768.0000000005570000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5570000
|
| Size: |
4096
|
|
|
2D04000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002D04000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
4096
|
|
|
478D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.933555508.000000000478D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
478D000
|
| Size: |
12288
|
|
|
6B40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3349934769.0000000006B40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B40000
|
| Size: |
8192
|
|
|
3310000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.876166444.0000000003310000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3310000
|
| Size: |
4096
|
|
|
18C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898739040.00000000018C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18C0000
|
| Size: |
4096
|
|
|
6820000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3349717528.0000000006820000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6820000
|
| Size: |
8192
|
|
|
43E000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3334047307.000000000043E000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43E000
|
| Size: |
4096
|
|
|
1750000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898396365.0000000001750000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1750000
|
| Size: |
8192
|
|
|
17B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338997443.00000000017B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17B6000
|
| Size: |
8192
|
|
|
2D00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002D00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D00000
|
| Size: |
4096
|
|
|
4BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.933996328.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BB0000
|
| Size: |
65536
|
|
|
6430000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902180337.0000000006430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6430000
|
| Size: |
8192
|
|
|
2CF4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002CF4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CF4000
|
| Size: |
4096
|
|
|
1350000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338630160.0000000001350000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1350000
|
| Size: |
20480
|
|
|
1D021671000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810191552.000001D021671000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021671000
|
| Size: |
4096
|
|
|
6A60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3349034482.0000000006A60000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6A60000
|
| Size: |
65536
|
|
|
64AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902322210.00000000064AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
64AA000
|
| Size: |
192512
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
4B00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.933644778.0000000004B00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B00000
|
| Size: |
8192
|
|
|
7DC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903054558.0000000007DC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DC0000
|
| Size: |
65536
|
|
|
D9A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3334978111.0000000000D9A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D9A000
|
| Size: |
24576
|
|
|
51CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347615368.00000000051CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51CE000
|
| Size: |
8192
|
|
|
2E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3339990308.0000000002E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E6F000
|
| Size: |
4096
|
|
|
1D026C4C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811045275.000001D026C4C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026C4C000
|
| Size: |
8192
|
|
|
1D02168C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809695649.000001D02168C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D02168C000
|
| Size: |
4096
|
|
|
AE9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936112012.000000000AE9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AE9E000
|
| Size: |
8192
|
|
|
587E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.900525010.000000000587E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
587E000
|
| Size: |
8192
|
|
|
1D021613000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810644346.000001D021613000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021613000
|
| Size: |
57344
|
|
|
F30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3335788363.0000000000F30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F30000
|
| Size: |
8192
|
|
|
3F4E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003F4E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F4E000
|
| Size: |
4096
|
|
|
1D021F09000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810100293.000001D021F09000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021F09000
|
| Size: |
4096
|
|
|
3F2F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003F2F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F2F000
|
| Size: |
8192
|
|
|
13FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897940130.00000000013FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13FE000
|
| Size: |
8192
|
|
|
1D026CEF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811217698.000001D026CEF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026CEF000
|
| Size: |
16384
|
|
|
3D51000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003D51000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D51000
|
| Size: |
8192
|
|
|
6645000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3348130256.0000000006645000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6645000
|
| Size: |
94208
|
|
|
A3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929666432.0000000000A3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A3F000
|
| Size: |
4096
|
|
|
3117000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003117000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3117000
|
| Size: |
4096
|
|
|
DC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3335410409.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC0000
|
| Size: |
4096
|
|
|
AA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929896002.0000000000AA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AA0000
|
| Size: |
4096
|
|
|
2C40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339749847.0000000002C40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C40000
|
| Size: |
4096
|
|
|
11E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3335246964.00000000011E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
8192
|
|
|
F5A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3336491919.0000000000F5A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F5A000
|
| Size: |
8192
|
|
|
F6B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3336767687.0000000000F6B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F6B000
|
| Size: |
4096
|
|
|
68B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3350105947.00000000068B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
68B0000
|
| Size: |
65536
|
|
|
2E05000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002E05000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E05000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2F8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002F8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F8E000
|
| Size: |
16384
|
|
|
A8DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.935887693.000000000A8DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A8DE000
|
| Size: |
8192
|
|
|
1306000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3336508424.0000000001306000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1306000
|
| Size: |
8192
|
|
|
67BA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3348904206.00000000067BA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67BA000
|
| Size: |
24576
|
|
|
1302000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3336455635.0000000001302000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1302000
|
| Size: |
4096
|
|
|
3262000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003262000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3262000
|
| Size: |
4096
|
|
|
3EB9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.932805273.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3EB9000
|
| Size: |
176128
|
|
|
3210000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003210000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3210000
|
| Size: |
8192
|
|
|
1D021693000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810737104.000001D021693000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021693000
|
| Size: |
40960
|
|
|
1960000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898797418.0000000001960000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1960000
|
| Size: |
4096
|
|
|
438000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3333951904.0000000000438000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
438000
|
| Size: |
8192
|
|
|
130A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3336596756.000000000130A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
130A000
|
| Size: |
8192
|
|
|
1D021600000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810627823.000001D021600000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021600000
|
| Size: |
73728
|
|
|
31E7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000031E7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31E7000
|
| Size: |
4096
|
|
|
5560000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347334145.0000000005560000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5560000
|
| Size: |
65536
|
|
|
2F9D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002F9D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F9D000
|
| Size: |
16384
|
|
|
F34000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3335973142.0000000000F34000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F34000
|
| Size: |
8192
|
|
|
760000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929104787.0000000000760000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
760000
|
| Size: |
8192
|
|
|
5C90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901959801.0000000005C90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C90000
|
| Size: |
12288
|
|
|
584B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934768282.000000000584B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
584B000
|
| Size: |
61440
|
|
|
6A90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3349350758.0000000006A90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6A90000
|
| Size: |
8192
|
|
|
2DE3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002DE3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DE3000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3336146282.0000000000F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
45056
|
|
|
6330000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347927918.0000000006330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6330000
|
| Size: |
405504
|
|
|
3223000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003223000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3223000
|
| Size: |
172032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
13DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3336932167.00000000013DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13DD000
|
| Size: |
8192
|
|
|
1810000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3339861731.0000000001810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1810000
|
| Size: |
16384
|
|
|
30BD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000030BD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30BD000
|
| Size: |
32768
|
|
|
3E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929024886.00000000003E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3E0000
|
| Size: |
4096
|
|
|
1D026A50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809888020.000001D026A50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026A50000
|
| Size: |
4096
|
|
|
1D021622000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810644346.000001D021622000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021622000
|
| Size: |
32768
|
|
|
1990000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898908224.0000000001990000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1990000
|
| Size: |
65536
|
|
|
3D54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003D54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D54000
|
| Size: |
12288
|
|
|
50B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.934544289.00000000050B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50B0000
|
| Size: |
65536
|
|
|
1890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898601965.0000000001890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1890000
|
| Size: |
4096
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897967596.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
32768
|
|
|
17B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338997443.00000000017B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17B0000
|
| Size: |
20480
|
|
|
596A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901771130.000000000596A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
596A000
|
| Size: |
24576
|
|
|
1892000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898618842.0000000001892000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1892000
|
| Size: |
4096
|
|
|
5C60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901899007.0000000005C60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C60000
|
| Size: |
65536
|
|
|
ABB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.930008543.0000000000ABB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
ABB000
|
| Size: |
4096
|
|
|
11CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338173095.00000000011CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11CE000
|
| Size: |
8192
|
|
|
2CA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002CA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CA0000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
57A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934616403.00000000057A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57A2000
|
| Size: |
98304
|
|
|
646E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3348625873.000000000646E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
646E000
|
| Size: |
8192
|
|
|
1760000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898417128.0000000001760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1760000
|
| Size: |
16384
|
|
|
1D026C28000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811011551.000001D026C28000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026C28000
|
| Size: |
77824
|
|
|
303F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.908264997.000000000303F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
303F000
|
| Size: |
4096
|
|
|
1D026A10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809523411.000001D026A10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026A10000
|
| Size: |
4096
|
|
|
18A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898691093.00000000018A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18A2000
|
| Size: |
4096
|
|
|
3107000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003107000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3107000
|
| Size: |
4096
|
|
|
1D0216A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810737104.000001D0216A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0216A4000
|
| Size: |
16384
|
|
|
6630000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902461664.0000000006630000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6630000
|
| Size: |
4096
|
|
|
1D0216B6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809695649.000001D0216B6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0216B6000
|
| Size: |
20480
|
|
|
6920000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3350525692.0000000006920000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6920000
|
| Size: |
36864
|
|
|
DA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3335327849.0000000000DA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DA0000
|
| Size: |
8192
|
|
|
1D026CF4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811217698.000001D026CF4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026CF4000
|
| Size: |
20480
|
|
|
3D1F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003D1F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D1F000
|
| Size: |
16384
|
|
|
F67000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3336719627.0000000000F67000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F67000
|
| Size: |
4096
|
|
|
1873000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.898480716.0000000001873000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1873000
|
| Size: |
4096
|
|
|
F56000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3336435726.0000000000F56000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F56000
|
| Size: |
8192
|
|
|
5DDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902031395.0000000005DDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5DDE000
|
| Size: |
8192
|
|
|
6FAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.935476695.0000000006FAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FAE000
|
| Size: |
8192
|
|
|
3E76000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003E76000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E76000
|
| Size: |
12288
|
|
|
30BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.908317734.00000000030BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30BF000
|
| Size: |
4096
|
|
|
4302000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004302000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4302000
|
| Size: |
12288
|
|
|
6810000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3349628557.0000000006810000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6810000
|
| Size: |
65536
|
|
|
58C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901452897.00000000058C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
58C0000
|
| Size: |
4096
|
|
|
1D02168E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810737104.000001D02168E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D02168E000
|
| Size: |
8192
|
|
|
1D02168E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809695649.000001D02168E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D02168E000
|
| Size: |
8192
|
|
|
12E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3336007065.00000000012E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12E4000
|
| Size: |
8192
|
|
|
C300CFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810400863.000000C300CFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C300CFE000
|
| Size: |
8192
|
|
|
2CF8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002CF8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CF8000
|
| Size: |
4096
|
|
|
1D0216FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809573270.000001D0216FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0216FE000
|
| Size: |
12288
|
|
|
6AA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3349435867.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6AA0000
|
| Size: |
65536
|
|
|
5900000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901558696.0000000005900000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5900000
|
| Size: |
65536
|
|
|
58E0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.901530250.00000000058E0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
58E0000
|
| Size: |
4096
|
|
|
57BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934616403.00000000057BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57BD000
|
| Size: |
12288
|
|
|
644D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902180337.000000000644D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
644D000
|
| Size: |
12288
|
|
|
EF0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.864686914.0000000000EF0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
EF0000
|
| Size: |
4096
|
|
|
6B90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3350219914.0000000006B90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6B90000
|
| Size: |
36864
|
|
|
15AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338457103.00000000015AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15AE000
|
| Size: |
8192
|
|
|
BAAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903629733.000000000BAAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BAAE000
|
| Size: |
8192
|
|
|
2F20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.908248046.0000000002F20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F20000
|
| Size: |
24576
|
|
|
4393000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004393000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4393000
|
| Size: |
16384
|
|
|
55C6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347482174.00000000055C6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55C6000
|
| Size: |
8192
|
|
|
7D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903012904.0000000007D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D6E000
|
| Size: |
8192
|
|
|
1D026B20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2808366920.000001D026B20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026B20000
|
| Size: |
4096
|
|
|
3260000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.899040630.0000000003260000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3260000
|
| Size: |
65536
|
|
|
6397000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347927918.0000000006397000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6397000
|
| Size: |
12288
|
|
|
5A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901813110.0000000005A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5A20000
|
| Size: |
65536
|
|
|
152F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338092057.000000000152F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
152F000
|
| Size: |
4096
|
|
|
C8B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930172520.0000000000C8B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C8B000
|
| Size: |
20480
|
|
|
1D026CCF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811171326.000001D026CCF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026CCF000
|
| Size: |
102400
|
|
|
2ED5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002ED5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ED5000
|
| Size: |
4096
|
|
|
3378000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003378000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3378000
|
| Size: |
8192
|
|
|
2DD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002DD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD6000
|
| Size: |
4096
|
|
|
67C8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3349058879.00000000067C8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67C8000
|
| Size: |
16384
|
|
|
43C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.00000000043C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43C4000
|
| Size: |
4096
|
|
|
1D021470000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810583451.000001D021470000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021470000
|
| Size: |
4096
|
|
|
2E20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.908213349.0000000002E20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E20000
|
| Size: |
32768
|
|
|
123E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3335480886.000000000123E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
123E000
|
| Size: |
8192
|
|
|
19BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898989832.00000000019BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
19BA000
|
| Size: |
20480
|
|
|
1D0216FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810862213.000001D0216FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0216FE000
|
| Size: |
12288
|
|
|
A83000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.929759569.0000000000A83000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A83000
|
| Size: |
4096
|
|
|
703BD000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903957133.00000000703BD000.00000004.00000001.01000000.0000000B.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
703BD000
|
| Size: |
8192
|
|
|
1D026A60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2808963967.000001D026A60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026A60000
|
| Size: |
4096
|
|
|
67CD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3349058879.00000000067CD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67CD000
|
| Size: |
12288
|
|
|
1D022340000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809904288.000001D022340000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D022340000
|
| Size: |
4096
|
|
|
131B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3336897233.000000000131B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
131B000
|
| Size: |
4096
|
|
|
1D021693000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809695649.000001D021693000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021693000
|
| Size: |
40960
|
|
|
1D028010000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809990331.000001D028010000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D028010000
|
| Size: |
4096
|
|
|
3DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DD0000
|
| Size: |
4096
|
|
|
2FA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002FA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FA2000
|
| Size: |
376832
|
|
|
BBEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903674731.000000000BBEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BBEE000
|
| Size: |
8192
|
|
|
BE3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903713127.000000000BE3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BE3E000
|
| Size: |
8192
|
|
|
1D0216A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810257070.000001D0216A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0216A8000
|
| Size: |
32768
|
|
|
1D02169E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810737104.000001D02169E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D02169E000
|
| Size: |
20480
|
|
|
32EA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000032EA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32EA000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
3146000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003146000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3146000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
507E000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.934386583.000000000507E000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
507E000
|
| Size: |
4096
|
|
|
3113000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003113000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3113000
|
| Size: |
4096
|
|
|
C1E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903864023.000000000C1E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C1E0000
|
| Size: |
4096
|
|
|
A8D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.929813476.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A8D000
|
| Size: |
4096
|
|
|
58A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.935064044.00000000058A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
58A0000
|
| Size: |
4096
|
|
|
4164000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004164000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4164000
|
| Size: |
12288
|
|
|
1D021F02000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810100293.000001D021F02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021F02000
|
| Size: |
4096
|
|
|
C300D7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.2810416426.000000C300D7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C300D7E000
|
| Size: |
4096
|
|
|
336F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.000000000336F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
336F000
|
| Size: |
4096
|
|
|
4286000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004286000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4286000
|
| Size: |
12288
|
|
|
4212000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004212000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4212000
|
| Size: |
4096
|
|
|
4B40000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.933747424.0000000004B40000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B40000
|
| Size: |
65536
|
|
|
6B70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3350187669.0000000006B70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B70000
|
| Size: |
8192
|
|
|
DE5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3335497337.0000000000DE5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DE5000
|
| Size: |
16384
|
|
|
41E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.00000000041E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
41E0000
|
| Size: |
4096
|
|
|
CE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930373697.0000000000CE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CE6000
|
| Size: |
40960
|
|
|
AA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929913878.0000000000AA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AA2000
|
| Size: |
4096
|
|
|
792E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902662856.000000000792E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
792E000
|
| Size: |
8192
|
|
|
67C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3349058879.00000000067C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67C0000
|
| Size: |
4096
|
|
|
30DA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000030DA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30DA000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4281000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.899909461.0000000004281000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4281000
|
| Size: |
28672
|
|
|
32CC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000032CC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32CC000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
321E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.000000000321E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
321E000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4106000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004106000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4106000
|
| Size: |
16384
|
|
|
5288000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.900327255.0000000005288000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5288000
|
| Size: |
4096
|
|
|
440000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3334047307.0000000000440000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
440000
|
| Size: |
4096
|
|
|
3315000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003315000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3315000
|
| Size: |
16384
|
|
|
3EDC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3EDC000
|
| Size: |
4096
|
|
|
31F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000031F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31F2000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6D3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.935434057.0000000006D3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D3E000
|
| Size: |
8192
|
|
|
2CAD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CAD000
|
| Size: |
36864
|
|
|
1D021F1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1251143407.000001D021F1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021F1A000
|
| Size: |
4096
|
|
|
4C58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347271058.0000000004C58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C58000
|
| Size: |
4096
|
|
|
1D021E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810930996.000001D021E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021E00000
|
| Size: |
4096
|
|
|
2785000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930673276.0000000002785000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2785000
|
| Size: |
53248
|
|
|
324E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.000000000324E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
324E000
|
| Size: |
65536
|
|
|
64DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3348064248.00000000064DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
64DE000
|
| Size: |
8192
|
|
|
5952000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901704358.0000000005952000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5952000
|
| Size: |
57344
|
|
|
2CC3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002CC3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CC3000
|
| Size: |
4096
|
|
|
41E000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3333951904.000000000041E000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
41E000
|
| Size: |
4096
|
|
|
55D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347591487.00000000055D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55D0000
|
| Size: |
49152
|
|
|
2EC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002EC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC2000
|
| Size: |
4096
|
|
|
AB20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936018827.000000000AB20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AB20000
|
| Size: |
36864
|
|
|
3C51000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003C51000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C51000
|
| Size: |
32768
|
|
|
35DF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.876284646.00000000035DF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
35DF000
|
| Size: |
4096
|
|
|
C37F57B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810541464.000000C37F57B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C37F57B000
|
| Size: |
20480
|
|
|
B92D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903574219.000000000B92D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B92D000
|
| Size: |
12288
|
|
|
1D021F00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810144425.000001D021F00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021F00000
|
| Size: |
4096
|
|
|
1530000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338143440.0000000001530000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1530000
|
| Size: |
4096
|
|
|
6A5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3348989975.0000000006A5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6A5E000
|
| Size: |
8192
|
|
|
1D026BD0000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1204880553.000001D026BD0000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026BD0000
|
| Size: |
4096
|
|
|
1310000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3336648821.0000000001310000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1310000
|
| Size: |
4096
|
|
|
1230000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338452606.0000000001230000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1230000
|
| Size: |
16384
|
|
|
2739000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930673276.0000000002739000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2739000
|
| Size: |
299008
|
|
|
3F83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003F83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F83000
|
| Size: |
16384
|
|
|
4B6A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.933840874.0000000004B6A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B6A000
|
| Size: |
24576
|
|
|
2CFC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002CFC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CFC000
|
| Size: |
4096
|
|
|
6B30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3349843120.0000000006B30000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6B30000
|
| Size: |
65536
|
|
|
F62000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3336590952.0000000000F62000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F62000
|
| Size: |
4096
|
|
|
55E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3347697226.00000000055E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55E0000
|
| Size: |
65536
|
|
|
B00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930106742.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B00000
|
| Size: |
16384
|
|
|
806000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929127282.0000000000806000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
806000
|
| Size: |
53248
|
|
|
BBAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903648456.000000000BBAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BBAE000
|
| Size: |
8192
|
|
|
31DF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000031DF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31DF000
|
| Size: |
8192
|
|
|
58A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.900771408.00000000058A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58A0000
|
| Size: |
16384
|
|
|
6B10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3349672790.0000000006B10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B10000
|
| Size: |
49152
|
|
|
B11B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936178659.000000000B11B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B11B000
|
| Size: |
20480
|
|
|
F88000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3336818910.0000000000F88000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F88000
|
| Size: |
135168
|
|
|
32C7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000032C7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32C7000
|
| Size: |
4096
|
|
|
5210000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3347647463.0000000005210000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5210000
|
| Size: |
4096
|
|
|
25CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930598290.00000000025CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
25CE000
|
| Size: |
8192
|
|
|
4BC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934049163.0000000004BC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BC0000
|
| Size: |
28672
|
|
|
1390000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339566772.0000000001390000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1390000
|
| Size: |
16384
|
|
|
77A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929127282.000000000077A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
77A000
|
| Size: |
8192
|
|
|
7FD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929127282.00000000007FD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7FD000
|
| Size: |
8192
|
|
|
1D0216A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809695649.000001D0216A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0216A4000
|
| Size: |
49152
|
|
|
3FCA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003FCA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FCA000
|
| Size: |
12288
|
|
|
703A1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.903899772.00000000703A1000.00000020.00000001.01000000.0000000B.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
703A1000
|
| Size: |
86016
|
|
|
4314000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004314000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4314000
|
| Size: |
4096
|
|
|
1D02169E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809695649.000001D02169E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D02169E000
|
| Size: |
20480
|
|
|
1D026C52000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811045275.000001D026C52000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026C52000
|
| Size: |
12288
|
|
|
5283000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347678439.0000000005283000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5283000
|
| Size: |
8192
|
|
|
14C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897967596.00000000014C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C6000
|
| Size: |
8192
|
|
|
3366000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003366000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3366000
|
| Size: |
8192
|
|
|
B21C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936204758.000000000B21C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B21C000
|
| Size: |
16384
|
|
|
671D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3348757656.000000000671D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
671D000
|
| Size: |
12288
|
|
|
648D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902322210.000000000648D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
648D000
|
| Size: |
114688
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
1D021702000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809573270.000001D021702000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021702000
|
| Size: |
45056
|
|
|
137D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338630160.000000000137D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
137D000
|
| Size: |
16384
|
|
|
77E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929127282.000000000077E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
77E000
|
| Size: |
102400
|
|
|
5E60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902123574.0000000005E60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E60000
|
| Size: |
65536
|
|
|
1540000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3338196393.0000000001540000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1540000
|
| Size: |
65536
|
|
|
F50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3336273421.0000000000F50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
4096
|
|
|
1D02168C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810737104.000001D02168C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D02168C000
|
| Size: |
4096
|
|
|
17DD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338997443.00000000017DD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17DD000
|
| Size: |
69632
|
|
|
18A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898673074.00000000018A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18A0000
|
| Size: |
4096
|
|
|
4270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4270000
|
| Size: |
4096
|
|
|
F52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3336371105.0000000000F52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F52000
|
| Size: |
4096
|
|
|
194B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898772000.000000000194B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
194B000
|
| Size: |
20480
|
|
|
4AA9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.899909461.0000000004AA9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4AA9000
|
| Size: |
176128
|
|
|
1535000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898311100.0000000001535000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1535000
|
| Size: |
12288
|
|
|
6AB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3349559619.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6AB0000
|
| Size: |
65536
|
|
|
A7DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.935854154.000000000A7DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A7DF000
|
| Size: |
4096
|
|
|
1D026B90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1203407084.000001D026B90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026B90000
|
| Size: |
8192
|
|
|
4061000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004061000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4061000
|
| Size: |
32768
|
|
|
5080000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934424436.0000000005080000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5080000
|
| Size: |
4096
|
|
|
34BC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.876228067.00000000034BC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34BC000
|
| Size: |
36864
|
|
|
55CA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347482174.00000000055CA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55CA000
|
| Size: |
24576
|
|
|
1D026B30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2808090202.000001D026B30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026B30000
|
| Size: |
4096
|
|
|
18A7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.898707295.00000000018A7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
18A7000
|
| Size: |
4096
|
|
|
325E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.899025458.000000000325E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
325E000
|
| Size: |
8192
|
|
|
135E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338630160.000000000135E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
135E000
|
| Size: |
45056
|
|
|
1D0269A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810007142.000001D0269A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D0269A0000
|
| Size: |
4096
|
|
|
135A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3336932167.000000000135A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
135A000
|
| Size: |
8192
|
|
|
12F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3336211850.00000000012F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12F0000
|
| Size: |
28672
|
|
|
1D021DD1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809620174.000001D021DD1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D021DD1000
|
| Size: |
4096
|
|
|
40E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.00000000040E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
40E0000
|
| Size: |
16384
|
|
|
3384000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.899086154.0000000003384000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4182016
|
|
|
2CCB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CCB000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
68D7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3350325945.00000000068D7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
68D7000
|
| Size: |
36864
|
|
|
1D026BD0000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1204838410.000001D026BD0000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026BD0000
|
| Size: |
4096
|
|
|
1D026A60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1203581921.000001D026A60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026A60000
|
| Size: |
8192
|
|
|
3CD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CD0000
|
| Size: |
16384
|
|
|
2B3A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.908102947.0000000002B3A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B3A000
|
| Size: |
24576
|
|
|
C0BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903816661.000000000C0BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C0BE000
|
| Size: |
8192
|
|
|
41F6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.00000000041F6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
41F6000
|
| Size: |
12288
|
|
|
17CA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338997443.00000000017CA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17CA000
|
| Size: |
4096
|
|
|
3CE1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003CE1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE1000
|
| Size: |
4096
|
|
|
A90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929838515.0000000000A90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A90000
|
| Size: |
8192
|
|
|
13B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897915678.00000000013B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13B0000
|
| Size: |
8192
|
|
|
6A80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3349211755.0000000006A80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6A80000
|
| Size: |
65536
|
|
|
5CDB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902011194.0000000005CDB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5CDB000
|
| Size: |
20480
|
|
|
4B52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.933787733.0000000004B52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B52000
|
| Size: |
57344
|
|
|
2E01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002E01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E01000
|
| Size: |
8192
|
|
|
6640000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902461664.0000000006640000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6640000
|
| Size: |
65536
|
|
|
6B7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.935399352.0000000006B7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B7E000
|
| Size: |
8192
|
|
|
1D0269B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810023149.000001D0269B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D0269B0000
|
| Size: |
4096
|
|
|
6F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929051093.00000000006F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F7000
|
| Size: |
36864
|
|
|
6F6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.935458006.0000000006F6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F6E000
|
| Size: |
8192
|
|
|
32D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000032D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32D2000
|
| Size: |
4096
|
|
|
502E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934250803.000000000502E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
502E000
|
| Size: |
8192
|
|
|
4D30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934170110.0000000004D30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D30000
|
| Size: |
4096
|
|
|
68AA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3349966487.00000000068AA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
68AA000
|
| Size: |
8192
|
|
|
31E5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000031E5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31E5000
|
| Size: |
4096
|
|
|
B4A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936309006.000000000B4A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B4A0000
|
| Size: |
4096
|
|
|
4B33000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.933704843.0000000004B33000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B33000
|
| Size: |
8192
|
|
|
55F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347787511.00000000055F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
55F3000
|
| Size: |
8192
|
|
|
1D021706000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810862213.000001D021706000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021706000
|
| Size: |
28672
|
|
|
5E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902069441.0000000005E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E3E000
|
| Size: |
8192
|
|
|
689E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3348897516.000000000689E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
689E000
|
| Size: |
8192
|
|
|
33AE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000033AE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33AE000
|
| Size: |
12288
|
|
|
58B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901315768.00000000058B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58B0000
|
| Size: |
65536
|
|
|
6B50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3350051365.0000000006B50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B50000
|
| Size: |
40960
|
|
|
C37ED7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.2810463540.000000C37ED7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C37ED7E000
|
| Size: |
4096
|
|
|
1D026B60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809848673.000001D026B60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026B60000
|
| Size: |
4096
|
|
|
6B20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3349749123.0000000006B20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B20000
|
| Size: |
65536
|
|
|
3322000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003322000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3322000
|
| Size: |
229376
|
|
|
331C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.000000000331C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
331C000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
6433000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902180337.0000000006433000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6433000
|
| Size: |
102400
|
|
|
3103000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003103000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3103000
|
| Size: |
4096
|
|
|
5AC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901881811.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AC0000
|
| Size: |
8192
|
|
|
816000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929127282.0000000000816000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
816000
|
| Size: |
57344
|
|
|
57EF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934768282.00000000057EF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57EF000
|
| Size: |
8192
|
|
|
64AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3348678313.00000000064AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
64AE000
|
| Size: |
8192
|
|
|
1D026A89000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1203462152.000001D026A89000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026A89000
|
| Size: |
28672
|
|
|
588D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.900525010.000000000588D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
588D000
|
| Size: |
16384
|
|
|
420000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3333951904.0000000000420000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
420000
|
| Size: |
24576
|
|
|
136A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338630160.000000000136A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
136A000
|
| Size: |
4096
|
|
|
3270000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.899066554.0000000003270000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
4096
|
|
|
43A000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3334047307.000000000043A000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43A000
|
| Size: |
4096
|
|
|
3390000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.876214229.0000000003390000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3390000
|
| Size: |
20480
|
|
|
2ECB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002ECB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ECB000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
77C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902537080.00000000077C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
77C0000
|
| Size: |
77824
|
|
|
7AEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902944950.0000000007AEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7AEE000
|
| Size: |
8192
|
|
|
5AA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.901843668.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5AA0000
|
| Size: |
65536
|
|
|
6A20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.935162814.0000000006A20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A20000
|
| Size: |
77824
|
|
|
2CF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CF0000
|
| Size: |
4096
|
|
|
5BA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3347952514.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5BA0000
|
| Size: |
65536
|
|
|
6FEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.935495829.0000000006FEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FEE000
|
| Size: |
8192
|
|
|
566E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347763027.000000000566E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
566E000
|
| Size: |
8192
|
|
|
C3002FE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.2810354370.000000C3002FE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C3002FE000
|
| Size: |
4096
|
|
|
D00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930465049.0000000000D00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D00000
|
| Size: |
16384
|
|
|
1471000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897967596.0000000001471000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1471000
|
| Size: |
335872
|
|
|
C07C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903788428.000000000C07C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C07C000
|
| Size: |
16384
|
|
|
5280000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347678439.0000000005280000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
1560000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338414608.0000000001560000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1560000
|
| Size: |
4096
|
|
|
67B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3348904206.00000000067B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67B4000
|
| Size: |
4096
|
|
|
3169000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.0000000003169000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3169000
|
| Size: |
442368
|
|
|
CB1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930198897.0000000000CB1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CB1000
|
| Size: |
16384
|
|
|
19A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.898935496.00000000019A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
19A0000
|
| Size: |
65536
|
|
|
CE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930373697.0000000000CE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CE4000
|
| Size: |
4096
|
|
|
32AA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.876151521.00000000032AA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32AA000
|
| Size: |
24576
|
|
|
D10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930512451.0000000000D10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D10000
|
| Size: |
65536
|
|
|
187D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.898519839.000000000187D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
187D000
|
| Size: |
4096
|
|
|
1D026B80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1203561786.000001D026B80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1D026B80000
|
| Size: |
4096
|
|
|
3A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.928878017.00000000003A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A5000
|
| Size: |
16384
|
|
|
1D026D0A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1255785131.000001D026D0A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026D0A000
|
| Size: |
4096
|
|
|
A93000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929857821.0000000000A93000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A93000
|
| Size: |
12288
|
|
|
A9D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.929879120.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A9D000
|
| Size: |
4096
|
|
|
FAA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3336818910.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FAA000
|
| Size: |
12288
|
|
|
1D02167B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810724418.000001D02167B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D02167B000
|
| Size: |
4096
|
|
|
A7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929698663.0000000000A7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A7E000
|
| Size: |
8192
|
|
|
2DD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002DD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD4000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
AB1D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.935985513.000000000AB1D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AB1D000
|
| Size: |
12288
|
|
|
FB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3336818910.0000000000FB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FB4000
|
| Size: |
4096
|
|
|
1D026CEB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811171326.000001D026CEB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026CEB000
|
| Size: |
12288
|
|
|
1071000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338055469.0000000001071000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1071000
|
| Size: |
57344
|
|
|
311F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.000000000311F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
311F000
|
| Size: |
57344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6639000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3348130256.0000000006639000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6639000
|
| Size: |
8192
|
|
|
26DA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930673276.00000000026DA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26DA000
|
| Size: |
385024
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2E07000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002E07000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E07000
|
| Size: |
4096
|
|
|
645F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902180337.000000000645F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
645F000
|
| Size: |
4096
|
|
|
1D0216A9000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810806328.000001D0216A9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0216A9000
|
| Size: |
28672
|
|
|
433F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.000000000433F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
433F000
|
| Size: |
8192
|
|
|
1180000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338123088.0000000001180000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1180000
|
| Size: |
4096
|
|
|
1317000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3336830765.0000000001317000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1317000
|
| Size: |
4096
|
|
|
43D000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3333951904.000000000043D000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43D000
|
| Size: |
4096
|
|
|
1950000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.898786848.0000000001950000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1950000
|
| Size: |
4096
|
|
|
2F12000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002F12000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F12000
|
| Size: |
225280
|
|
|
2EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340105288.0000000002EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EAE000
|
| Size: |
8192
|
|
|
67D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3349215974.00000000067D0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
67D0000
|
| Size: |
65536
|
|
|
3373000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.899086154.0000000003373000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3373000
|
| Size: |
4096
|
|
|
3691000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.932805273.0000000003691000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3691000
|
| Size: |
28672
|
|
|
68D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3350325945.00000000068D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
68D0000
|
| Size: |
4096
|
|
|
7D2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902987545.0000000007D2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D2E000
|
| Size: |
8192
|
|
|
6930000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3350590742.0000000006930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6930000
|
| Size: |
4096
|
|
|
C1BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.903833700.000000000C1BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C1BE000
|
| Size: |
8192
|
|
|
6B47000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3349934769.0000000006B47000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B47000
|
| Size: |
36864
|
|
|
1D0216BC000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810848181.000001D0216BC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0216BC000
|
| Size: |
4096
|
|
|
33B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3340281439.00000000033B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33B2000
|
| Size: |
376832
|
|
|
1D026D02000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811263627.000001D026D02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026D02000
|
| Size: |
4096
|
|
|
6BB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3350298824.0000000006BB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6BB0000
|
| Size: |
4096
|
|
|
1D0216B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2809695649.000001D0216B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0216B2000
|
| Size: |
4096
|
|
|
5892000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.900525010.0000000005892000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5892000
|
| Size: |
49152
|
|
|
1340000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338518783.0000000001340000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
65536
|
|
|
17CE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338997443.00000000017CE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17CE000
|
| Size: |
4096
|
|
|
6B30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.935348248.0000000006B30000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6B30000
|
| Size: |
49152
|
|
|
6840000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3349869922.0000000006840000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6840000
|
| Size: |
65536
|
|
|
1D021702000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810862213.000001D021702000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021702000
|
| Size: |
8192
|
|
|
25D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930619523.00000000025D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25D8000
|
| Size: |
4096
|
|
|
AB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.929973445.0000000000AB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AB2000
|
| Size: |
4096
|
|
|
5930000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.901600119.0000000005930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5930000
|
| Size: |
4096
|
|
|
57F2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934768282.00000000057F2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57F2000
|
| Size: |
204800
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
1D0216B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2810257070.000001D0216B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0216B2000
|
| Size: |
4096
|
|
|
146F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897967596.000000000146F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
146F000
|
| Size: |
4096
|
|
|
43F000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3333951904.000000000043F000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43F000
|
| Size: |
4096
|
|
|
632E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347894882.000000000632E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
632E000
|
| Size: |
8192
|
|
|
68C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3350212921.00000000068C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
68C0000
|
| Size: |
65536
|
|
|
CAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.930198897.0000000000CAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CAE000
|
| Size: |
8192
|
|
|
1430000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897967596.0000000001430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1430000
|
| Size: |
36864
|
|
|
67B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3348904206.00000000067B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67B6000
|
| Size: |
8192
|
|
|
17BE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338997443.00000000017BE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17BE000
|
| Size: |
45056
|
|
|
5055000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934272730.0000000005055000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5055000
|
| Size: |
40960
|
|
|
C37F67E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.2810556302.000000C37F67E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C37F67E000
|
| Size: |
4096
|
|
|
6463000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902180337.0000000006463000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6463000
|
| Size: |
8192
|
|
|
1550000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338280288.0000000001550000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1550000
|
| Size: |
65536
|
|
|
1457000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.897967596.0000000001457000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1457000
|
| Size: |
49152
|
|
|
1315000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3336779882.0000000001315000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1315000
|
| Size: |
4096
|
|
|
2F5F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002F5F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F5F000
|
| Size: |
4096
|
|
|
4374000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3346014920.0000000004374000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4374000
|
| Size: |
12288
|
|
|
1D026C84000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2811085920.000001D026C84000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D026C84000
|
| Size: |
122880
|
|
|
365F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.876313440.000000000365F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
365F000
|
| Size: |
4096
|
|
|
15F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3338609574.00000000015F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
15F0000
|
| Size: |
4096
|
|
|
1D02162B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810673510.000001D02162B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D02162B000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
5760000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.900387337.0000000005760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5760000
|
| Size: |
36864
|
|
|
1376000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3338630160.0000000001376000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1376000
|
| Size: |
16384
|
|
|
5826000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.934768282.0000000005826000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5826000
|
| Size: |
147456
|
|
|
77D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.902537080.00000000077D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
77D4000
|
| Size: |
4096
|
|
|
703BD000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.936331425.00000000703BD000.00000004.00000001.01000000.0000000B.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
703BD000
|
| Size: |
8192
|
|
|
2E3F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002E3F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E3F000
|
| Size: |
65536
|
|
|
1D021713000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2810903076.000001D021713000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021713000
|
| Size: |
12288
|
|
|
1D021F1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1255184440.000001D021F1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D021F1A000
|
| Size: |
4096
|
|
|
3D26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3345931556.0000000003D26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D26000
|
| Size: |
4096
|
|
|
5136000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3347343397.0000000005136000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5136000
|
| Size: |
40960
|
|
|
2EDE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3339790481.0000000002EDE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EDE000
|
| Size: |
122880
|
|
