|
412A000
|
trusted library allocation
|
page read and write
|
 |
|
|
| Name: |
00000006.00000002.986104944.000000000412A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
412A000
|
| Size: |
823296
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2EF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EF1000
|
| Size: |
323584
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
42F000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2128147179.000000000042F000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42F000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4479000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.931831960.0000000004479000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4479000
|
| Size: |
823296
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3371000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003371000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3371000
|
| Size: |
323584
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6B37000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2141134096.0000000006B37000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B37000
|
| Size: |
36864
|
|
|
69CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2139381016.00000000069CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
69CE000
|
| Size: |
8192
|
|
|
5620000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934551943.0000000005620000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5620000
|
| Size: |
16384
|
|
|
B2CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938110080.000000000B2CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B2CE000
|
| Size: |
8192
|
|
|
2DD217E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2128413619.0000002DD217E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD217E000
|
| Size: |
4096
|
|
|
2DD3F7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2129753056.0000002DD3F7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD3F7E000
|
| Size: |
4096
|
|
|
769E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.937029816.000000000769E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
769E000
|
| Size: |
8192
|
|
|
1ABD0AFB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131534410.000001ABD0AFB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0AFB000
|
| Size: |
4096
|
|
|
6B0A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2140751273.0000000006B0A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B0A000
|
| Size: |
8192
|
|
|
3458000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003458000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3458000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
28C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.982165971.00000000028C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28C1000
|
| Size: |
286720
|
|
|
2DD2B7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2129059253.0000002DD2B7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD2B7E000
|
| Size: |
4096
|
|
|
43DA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.00000000043DA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43DA000
|
| Size: |
4096
|
|
|
A2F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980758872.0000000000A2F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A2F000
|
| Size: |
4096
|
|
|
1E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.903965091.00000000001E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1E0000
|
| Size: |
20480
|
|
|
1280000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2129591602.0000000001280000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1280000
|
| Size: |
28672
|
|
|
4205000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000004205000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4205000
|
| Size: |
12288
|
|
|
32B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.952470490.00000000032B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32B0000
|
| Size: |
16384
|
|
|
2D40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131056279.0000000002D40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D40000
|
| Size: |
65536
|
|
|
5948000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988802061.0000000005948000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5948000
|
| Size: |
8192
|
|
|
3F5C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000003F5C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F5C000
|
| Size: |
4096
|
|
|
6BA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.989162733.0000000006BA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6BA0000
|
| Size: |
77824
|
|
|
7A5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.937535533.0000000007A5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7A5E000
|
| Size: |
8192
|
|
|
BA8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938779237.000000000BA8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BA8F000
|
| Size: |
4096
|
|
|
4255000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000004255000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4255000
|
| Size: |
4096
|
|
|
546E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137489429.000000000546E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
546E000
|
| Size: |
8192
|
|
|
26C8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981996684.00000000026C8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26C8000
|
| Size: |
4096
|
|
|
1ABD0AC2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131242844.000001ABD0AC2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0AC2000
|
| Size: |
4096
|
|
|
1ABCC590000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2130799171.000001ABCC590000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
1ABCC590000
|
| Size: |
65536
|
|
|
4440000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004440000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4440000
|
| Size: |
16384
|
|
|
454F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.000000000454F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
454F000
|
| Size: |
20480
|
|
|
2D86000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131174150.0000000002D86000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D86000
|
| Size: |
16384
|
|
|
1ABCBC00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130446947.000001ABCBC00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCBC00000
|
| Size: |
4096
|
|
|
1ABCB48F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130079498.000001ABCB48F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB48F000
|
| Size: |
4096
|
|
|
11EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928897521.00000000011EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11EE000
|
| Size: |
8192
|
|
|
1ABD0C90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131671111.000001ABD0C90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD0C90000
|
| Size: |
4096
|
|
|
30DF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000030DF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30DF000
|
| Size: |
61440
|
|
|
3083000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000003083000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3083000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1ABD0B02000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131590690.000001ABD0B02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0B02000
|
| Size: |
4096
|
|
|
590000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980487167.0000000000590000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
590000
|
| Size: |
16384
|
|
|
1ABCB502000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130288099.000001ABCB502000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB502000
|
| Size: |
45056
|
|
|
12B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2129975487.00000000012B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12B2000
|
| Size: |
4096
|
|
|
1ABD0A1F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131061293.000001ABD0A1F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0A1F000
|
| Size: |
49152
|
|
|
636E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138466907.000000000636E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
636E000
|
| Size: |
8192
|
|
|
7650000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.936983411.0000000007650000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7650000
|
| Size: |
53248
|
|
|
2F5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002F5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F5A000
|
| Size: |
8192
|
|
|
5AE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137902505.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5AE6000
|
| Size: |
8192
|
|
|
31FA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000031FA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31FA000
|
| Size: |
16384
|
|
|
6AA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2140623574.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6AA0000
|
| Size: |
65536
|
|
|
1ABD09A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130995324.000001ABD09A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD09A0000
|
| Size: |
4096
|
|
|
326E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132043620.000000000326E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
326E000
|
| Size: |
8192
|
|
|
E59000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2128838635.0000000000E59000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E59000
|
| Size: |
28672
|
|
|
5530000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137534042.0000000005530000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5530000
|
| Size: |
65536
|
|
|
592D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2137868468.000000000592D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
592D000
|
| Size: |
12288
|
|
|
40E9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.986104944.00000000040E9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
40E9000
|
| Size: |
180224
|
|
|
2DA6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131623884.0000000002DA6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DA6000
|
| Size: |
40960
|
|
|
128D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2129649920.000000000128D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
128D000
|
| Size: |
4096
|
|
|
2FA8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002FA8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FA8000
|
| Size: |
4096
|
|
|
3560000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003560000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3560000
|
| Size: |
57344
|
|
|
31B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000031B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31B2000
|
| Size: |
229376
|
|
|
3076000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000003076000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3076000
|
| Size: |
4096
|
|
|
52E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934356934.00000000052E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
52E0000
|
| Size: |
8192
|
|
|
4F80000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.988339298.0000000004F80000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
4096
|
|
|
5076000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.932610474.0000000005076000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5076000
|
| Size: |
16384
|
|
|
1ABD0A00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131061293.000001ABD0A00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0A00000
|
| Size: |
49152
|
|
|
2537000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.981794346.0000000002537000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2537000
|
| Size: |
4096
|
|
|
419000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2128147179.0000000000419000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
419000
|
| Size: |
40960
|
|
|
672F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2139535669.000000000672F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
672F000
|
| Size: |
4096
|
|
|
F7D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.928279228.0000000000F7D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F7D000
|
| Size: |
4096
|
|
|
52D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934333904.00000000052D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
52D0000
|
| Size: |
4096
|
|
|
7A9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.937617539.0000000007A9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7A9D000
|
| Size: |
12288
|
|
|
352A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.000000000352A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
352A000
|
| Size: |
4096
|
|
|
30B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000030B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30B4000
|
| Size: |
172032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3F5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000003F5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F5A000
|
| Size: |
4096
|
|
|
16D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2130542435.00000000016D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16D2000
|
| Size: |
4096
|
|
|
5ADF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137875513.0000000005ADF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5ADF000
|
| Size: |
4096
|
|
|
2526000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.981702266.0000000002526000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2526000
|
| Size: |
8192
|
|
|
2D14000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929503957.0000000002D14000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D14000
|
| Size: |
4182016
|
|
|
3522000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003522000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3522000
|
| Size: |
8192
|
|
|
68AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2139810910.00000000068AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
68AE000
|
| Size: |
8192
|
|
|
2500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981454692.0000000002500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2500000
|
| Size: |
8192
|
|
|
3428000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003428000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3428000
|
| Size: |
4096
|
|
|
5840000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2137793888.0000000005840000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5840000
|
| Size: |
65536
|
|
|
1ABCBD1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1254992924.000001ABCBD1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCBD1A000
|
| Size: |
4096
|
|
|
36C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000036C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36C2000
|
| Size: |
376832
|
|
|
4D70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988288045.0000000004D70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D70000
|
| Size: |
4096
|
|
|
1ABCC580000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2130773835.000001ABCC580000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
1ABCC580000
|
| Size: |
65536
|
|
|
546E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2137502816.000000000546E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
546E000
|
| Size: |
8192
|
|
|
30F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131720632.00000000030F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30F0000
|
| Size: |
4096
|
|
|
6FE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.935796630.0000000006FE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FE0000
|
| Size: |
77824
|
|
|
FFE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928573681.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FFE000
|
| Size: |
151552
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
2F94000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002F94000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F94000
|
| Size: |
4096
|
|
|
BE60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.939013478.000000000BE60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
BE60000
|
| Size: |
4096
|
|
|
5050000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.932610474.0000000005050000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5050000
|
| Size: |
12288
|
|
|
2A00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929154244.0000000002A00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A00000
|
| Size: |
4096
|
|
|
2BEC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929300315.0000000002BEC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BEC000
|
| Size: |
16384
|
|
|
F74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928249352.0000000000F74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
2DF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.952429888.0000000002DF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DF0000
|
| Size: |
4096
|
|
|
38C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.986104944.00000000038C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38C9000
|
| Size: |
4096
|
|
|
1ABCB473000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129984170.000001ABCB473000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB473000
|
| Size: |
4096
|
|
|
6B40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2141327607.0000000006B40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B40000
|
| Size: |
40960
|
|
|
12B5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2130010167.00000000012B5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12B5000
|
| Size: |
4096
|
|
|
4071000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000004071000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4071000
|
| Size: |
4096
|
|
|
36B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000036B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36B9000
|
| Size: |
4096
|
|
|
408000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2128147179.0000000000408000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
408000
|
| Size: |
36864
|
|
|
5E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.935403730.0000000005E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E5E000
|
| Size: |
8192
|
|
|
1ABCBB70000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130430340.000001ABCBB70000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
1ABCBB70000
|
| Size: |
4096
|
|
|
B06E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990420152.000000000B06E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B06E000
|
| Size: |
8192
|
|
|
FBA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2128818534.0000000000FBA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FBA000
|
| Size: |
24576
|
|
|
6A50000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2140246950.0000000006A50000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6A50000
|
| Size: |
65536
|
|
|
1ABCB400000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129831951.000001ABCB400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB400000
|
| Size: |
73728
|
|
|
2D50000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2131142028.0000000002D50000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2D50000
|
| Size: |
4096
|
|
|
2C00000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.929479864.0000000002C00000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2C00000
|
| Size: |
4096
|
|
|
4C80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987648069.0000000004C80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C80000
|
| Size: |
16384
|
|
|
FF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928573681.0000000000FF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FF0000
|
| Size: |
36864
|
|
|
565E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934691302.000000000565E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
565E000
|
| Size: |
12288
|
|
|
2DD2479000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2128592380.0000002DD2479000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD2479000
|
| Size: |
28672
|
|
|
5112000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.933433689.0000000005112000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5112000
|
| Size: |
57344
|
|
|
13CD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2129297907.00000000013CD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13CD000
|
| Size: |
4096
|
|
|
46D5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.00000000046D5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46D5000
|
| Size: |
4096
|
|
|
1273000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2129462725.0000000001273000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1273000
|
| Size: |
4096
|
|
|
BB9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.952302440.0000000000BB9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BB9000
|
| Size: |
28672
|
|
|
4D10000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.987912265.0000000004D10000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
65536
|
|
|
127D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2129549937.000000000127D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
127D000
|
| Size: |
4096
|
|
|
F73000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.928225788.0000000000F73000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F73000
|
| Size: |
4096
|
|
|
4612000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004612000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4612000
|
| Size: |
16384
|
|
|
2DC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131888520.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DC0000
|
| Size: |
49152
|
|
|
1ABD09C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1206908925.000001ABD09C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD09C0000
|
| Size: |
8192
|
|
|
6DB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2140794202.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6DB0000
|
| Size: |
36864
|
|
|
F96000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.928390696.0000000000F96000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F96000
|
| Size: |
8192
|
|
|
308A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131281044.000000000308A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
308A000
|
| Size: |
4096
|
|
|
59AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2137947176.00000000059AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59AE000
|
| Size: |
8192
|
|
|
2DD207E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2128350112.0000002DD207E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD207E000
|
| Size: |
8192
|
|
|
289C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.982056462.000000000289C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
289C000
|
| Size: |
16384
|
|
|
6D34000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2140128748.0000000006D34000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D34000
|
| Size: |
32768
|
|
|
12AA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2129872179.00000000012AA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12AA000
|
| Size: |
8192
|
|
|
30A5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000030A5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30A5000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
12D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2130107029.00000000012D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12D0000
|
| Size: |
4096
|
|
|
1ABD0A2C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131120828.000001ABD0A2C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0A2C000
|
| Size: |
65536
|
|
|
B3CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938174071.000000000B3CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3CE000
|
| Size: |
8192
|
|
|
2522000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981682843.0000000002522000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2522000
|
| Size: |
4096
|
|
|
13F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2129523435.00000000013F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13F2000
|
| Size: |
4096
|
|
|
136E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2128993653.000000000136E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
136E000
|
| Size: |
8192
|
|
|
687E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2138569001.000000000687E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
687E000
|
| Size: |
90112
|
|
|
6D50000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2140381998.0000000006D50000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6D50000
|
| Size: |
65536
|
|
|
33E7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000033E7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33E7000
|
| Size: |
4096
|
|
|
ACED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990293024.000000000ACED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ACED000
|
| Size: |
12288
|
|
|
3070000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000003070000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3070000
|
| Size: |
8192
|
|
|
2DD367E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129596054.0000002DD367E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD367E000
|
| Size: |
8192
|
|
|
3687000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003687000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3687000
|
| Size: |
12288
|
|
|
FFA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928573681.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FFA000
|
| Size: |
8192
|
|
|
1094000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928573681.0000000001094000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1094000
|
| Size: |
16384
|
|
|
2DD257E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2128651875.0000002DD257E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD257E000
|
| Size: |
4096
|
|
|
2BF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929371932.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BF0000
|
| Size: |
16384
|
|
|
6D60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2140524648.0000000006D60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D60000
|
| Size: |
8192
|
|
|
1ABD09C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1270372132.000001ABD09C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD09C1000
|
| Size: |
4096
|
|
|
55E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934506279.00000000055E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55E0000
|
| Size: |
65536
|
|
|
50F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.933366473.00000000050F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
50F0000
|
| Size: |
4096
|
|
|
9E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980709665.00000000009E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9E0000
|
| Size: |
32768
|
|
|
466F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.000000000466F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
466F000
|
| Size: |
4096
|
|
|
FD0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.928508512.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
FD0000
|
| Size: |
65536
|
|
|
1ABD09B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131011146.000001ABD09B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD09B0000
|
| Size: |
4096
|
|
|
C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981379711.0000000000C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C2E000
|
| Size: |
8192
|
|
|
31FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000031FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31FF000
|
| Size: |
4096
|
|
|
1750000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2130786085.0000000001750000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1750000
|
| Size: |
65536
|
|
|
1ABD0920000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130921889.000001ABD0920000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD0920000
|
| Size: |
4096
|
|
|
6CA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2139697163.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6CA0000
|
| Size: |
65536
|
|
|
4C41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987252140.0000000004C41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C41000
|
| Size: |
16384
|
|
|
680F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2138532675.000000000680F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
680F000
|
| Size: |
4096
|
|
|
425000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2128152525.0000000000425000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
425000
|
| Size: |
40960
|
|
|
1ABD0C80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131645569.000001ABD0C80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD0C80000
|
| Size: |
4096
|
|
|
123E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2129287573.000000000123E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
123E000
|
| Size: |
8192
|
|
|
64AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138540233.00000000064AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
64AE000
|
| Size: |
8192
|
|
|
41D3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.00000000041D3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
41D3000
|
| Size: |
12288
|
|
|
3414000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003414000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3414000
|
| Size: |
4096
|
|
|
319B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.000000000319B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
319B000
|
| Size: |
4096
|
|
|
3F82000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000003F82000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F82000
|
| Size: |
4096
|
|
|
2DA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131623884.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DA4000
|
| Size: |
4096
|
|
|
417000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2128147179.0000000000417000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
417000
|
| Size: |
4096
|
|
|
47F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.904162134.000000000047F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47F000
|
| Size: |
4096
|
|
|
6FF4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.935796630.0000000006FF4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FF4000
|
| Size: |
4096
|
|
|
40A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.00000000040A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
40A3000
|
| Size: |
4096
|
|
|
E50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928094050.0000000000E50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
E50000
|
| Size: |
8192
|
|
|
2F9C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002F9C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F9C000
|
| Size: |
4096
|
|
|
4C60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987497863.0000000004C60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C60000
|
| Size: |
4096
|
|
|
1ABD09E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131045949.000001ABD09E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD09E0000
|
| Size: |
4096
|
|
|
323E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.000000000323E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
323E000
|
| Size: |
12288
|
|
|
2DD2BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129093861.0000002DD2BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD2BFE000
|
| Size: |
8192
|
|
|
8F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980664689.00000000008F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8F7000
|
| Size: |
36864
|
|
|
4523000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004523000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4523000
|
| Size: |
4096
|
|
|
16F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2130636513.00000000016F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16F0000
|
| Size: |
4096
|
|
|
686E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2139751445.000000000686E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
686E000
|
| Size: |
8192
|
|
|
660F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138691678.000000000660F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
660F000
|
| Size: |
4096
|
|
|
1ABCC5B0000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2130852980.000001ABCC5B0000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
1ABCC5B0000
|
| Size: |
65536
|
|
|
AE2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990349988.000000000AE2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AE2E000
|
| Size: |
8192
|
|
|
B43E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990554509.000000000B43E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B43E000
|
| Size: |
8192
|
|
|
34F9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000034F9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34F9000
|
| Size: |
4096
|
|
|
30B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131671973.00000000030B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30B0000
|
| Size: |
49152
|
|
|
1ABCB513000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130331606.000001ABCB513000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB513000
|
| Size: |
24576
|
|
|
12F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2128885646.00000000012F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12F7000
|
| Size: |
36864
|
|
|
1033000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928573681.0000000001033000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1033000
|
| Size: |
245760
|
|
|
1ABD0D50000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1208902629.000001ABD0D50000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD0D50000
|
| Size: |
4096
|
|
|
A32000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980758872.0000000000A32000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A32000
|
| Size: |
364544
|
|
|
2C11000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929503957.0000000002C11000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C11000
|
| Size: |
286720
|
|
|
5AF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138037163.0000000005AF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5AF6000
|
| Size: |
4096
|
|
|
2DD307E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129334803.0000002DD307E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD307E000
|
| Size: |
8192
|
|
|
1ABD0AC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131242844.000001ABD0AC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0AC0000
|
| Size: |
4096
|
|
|
2DD2E7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2129215913.0000002DD2E7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD2E7E000
|
| Size: |
4096
|
|
|
13C3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2129205524.00000000013C3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13C3000
|
| Size: |
4096
|
|
|
2F63000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002F63000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F63000
|
| Size: |
4096
|
|
|
6B06000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2140751273.0000000006B06000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B06000
|
| Size: |
4096
|
|
|
4C00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987231544.0000000004C00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C00000
|
| Size: |
4096
|
|
|
2DD2EFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129256880.0000002DD2EFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD2EFE000
|
| Size: |
8192
|
|
|
18C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131230832.00000000018C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18C0000
|
| Size: |
16384
|
|
|
5963000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988802061.0000000005963000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5963000
|
| Size: |
176128
|
|
|
1ABD09E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1207138345.000001ABD09E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD09E0000
|
| Size: |
8192
|
|
|
2FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FA0000
|
| Size: |
4096
|
|
|
B94E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938666205.000000000B94E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B94E000
|
| Size: |
8192
|
|
|
1ABCB4B1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130079498.000001ABCB4B1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB4B1000
|
| Size: |
4096
|
|
|
41EF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.00000000041EF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
41EF000
|
| Size: |
4096
|
|
|
307B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131281044.000000000307B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
307B000
|
| Size: |
8192
|
|
|
2DD1F7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2128276992.0000002DD1F7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD1F7E000
|
| Size: |
4096
|
|
|
3420000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003420000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3420000
|
| Size: |
4096
|
|
|
6CD0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2140023233.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6CD0000
|
| Size: |
65536
|
|
|
1ABCBD13000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130543491.000001ABCBD13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCBD13000
|
| Size: |
28672
|
|
|
2D81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131174150.0000000002D81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D81000
|
| Size: |
16384
|
|
|
52A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934162040.00000000052A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52A0000
|
| Size: |
65536
|
|
|
36BE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000036BE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36BE000
|
| Size: |
12288
|
|
|
508E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137405305.000000000508E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
508E000
|
| Size: |
8192
|
|
|
4D60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.988233754.0000000004D60000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D60000
|
| Size: |
65536
|
|
|
5014000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988497733.0000000005014000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5014000
|
| Size: |
45056
|
|
|
347B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.000000000347B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
347B000
|
| Size: |
4096
|
|
|
E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928116623.0000000000E60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E60000
|
| Size: |
16384
|
|
|
1ABD0AD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131387317.000001ABD0AD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0AD5000
|
| Size: |
90112
|
|
|
55F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934551943.00000000055F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
55F0000
|
| Size: |
122880
|
|
|
71A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.989488704.00000000071A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71A0000
|
| Size: |
65536
|
|
|
33C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000033C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33C1000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1ABD09C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1227671068.000001ABD09C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD09C0000
|
| Size: |
4096
|
|
|
30F3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000030F3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30F3000
|
| Size: |
327680
|
|
|
347D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.000000000347D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
347D000
|
| Size: |
434176
|
|
|
4447000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004447000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4447000
|
| Size: |
4096
|
|
|
4C66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987497863.0000000004C66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C66000
|
| Size: |
40960
|
|
|
5010000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988497733.0000000005010000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5010000
|
| Size: |
8192
|
|
|
2DD357E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2129555749.0000002DD357E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD357E000
|
| Size: |
4096
|
|
|
4C85000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987648069.0000000004C85000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C85000
|
| Size: |
45056
|
|
|
24F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981432838.00000000024F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
24F0000
|
| Size: |
8192
|
|
|
640E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2138374156.000000000640E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
640E000
|
| Size: |
8192
|
|
|
35DC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000035DC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35DC000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
13B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2129079840.00000000013B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13B0000
|
| Size: |
8192
|
|
|
3572000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003572000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3572000
|
| Size: |
331776
|
|
|
65AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138587256.00000000065AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
65AE000
|
| Size: |
8192
|
|
|
2CFB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.952384764.0000000002CFB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CFB000
|
| Size: |
90112
|
|
|
568D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137737632.000000000568D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
568D000
|
| Size: |
12288
|
|
|
6B90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2141631983.0000000006B90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B90000
|
| Size: |
4096
|
|
|
2D7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131174150.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D7E000
|
| Size: |
4096
|
|
|
CAF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.952366492.0000000000CAF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
CAF000
|
| Size: |
4096
|
|
|
3FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FC0000
|
| Size: |
16384
|
|
|
5B90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.989140539.0000000005B90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B90000
|
| Size: |
4096
|
|
|
2D20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131024572.0000000002D20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D20000
|
| Size: |
4096
|
|
|
1ABD0990000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130977004.000001ABD0990000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD0990000
|
| Size: |
4096
|
|
|
130A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2130133550.000000000130A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
130A000
|
| Size: |
12288
|
|
|
FA7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.928449765.0000000000FA7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
FA7000
|
| Size: |
4096
|
|
|
5AEA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137902505.0000000005AEA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5AEA000
|
| Size: |
24576
|
|
|
5AFD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138037163.0000000005AFD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5AFD000
|
| Size: |
12288
|
|
|
5054000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.932610474.0000000005054000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5054000
|
| Size: |
16384
|
|
|
411000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2128152525.0000000000411000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
411000
|
| Size: |
4096
|
|
|
3FF5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000003FF5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FF5000
|
| Size: |
12288
|
|
|
40CF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.00000000040CF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
40CF000
|
| Size: |
20480
|
|
|
33E3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000033E3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33E3000
|
| Size: |
4096
|
|
|
1ABCBD02000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130502210.000001ABCBD02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCBD02000
|
| Size: |
32768
|
|
|
5AF8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138037163.0000000005AF8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5AF8000
|
| Size: |
16384
|
|
|
BC0B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938813874.000000000BC0B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BC0B000
|
| Size: |
20480
|
|
|
3078000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000003078000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3078000
|
| Size: |
4096
|
|
|
279B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.982019819.000000000279B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
279B000
|
| Size: |
20480
|
|
|
12A6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2129830693.00000000012A6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12A6000
|
| Size: |
8192
|
|
|
1ABD0AF4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131483382.000001ABD0AF4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0AF4000
|
| Size: |
24576
|
|
|
10A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928573681.00000000010A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A8000
|
| Size: |
4096
|
|
|
3160000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2132020631.0000000003160000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
3160000
|
| Size: |
4096
|
|
|
6D30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2140128748.0000000006D30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D30000
|
| Size: |
12288
|
|
|
59B0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2137980820.00000000059B0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
59B0000
|
| Size: |
4096
|
|
|
3676000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003676000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3676000
|
| Size: |
8192
|
|
|
315A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131923179.000000000315A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
315A000
|
| Size: |
24576
|
|
|
1314000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2130133550.0000000001314000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1314000
|
| Size: |
4096
|
|
|
12B7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2130039968.00000000012B7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12B7000
|
| Size: |
4096
|
|
|
1ABCC570000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2130733783.000001ABCC570000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
1ABCC570000
|
| Size: |
65536
|
|
|
406000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2128147179.0000000000406000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
406000
|
| Size: |
4096
|
|
|
61EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138342582.00000000061EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
61EF000
|
| Size: |
4096
|
|
|
44F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.00000000044F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44F1000
|
| Size: |
4096
|
|
|
660E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2138449887.000000000660E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
660E000
|
| Size: |
8192
|
|
|
1ABCB4A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130079498.000001ABCB4A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB4A2000
|
| Size: |
16384
|
|
|
33DB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000033DB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33DB000
|
| Size: |
4096
|
|
|
250D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.981576196.000000000250D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
250D000
|
| Size: |
4096
|
|
|
1ABD0C33000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1206963198.000001ABD0C33000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD0C33000
|
| Size: |
69632
|
|
|
AAAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990223819.000000000AAAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAAE000
|
| Size: |
8192
|
|
|
3528000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003528000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3528000
|
| Size: |
4096
|
|
|
646E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138508660.000000000646E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
646E000
|
| Size: |
8192
|
|
|
30A9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000030A9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30A9000
|
| Size: |
4096
|
|
|
1ABD0AFD000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131567024.000001ABD0AFD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0AFD000
|
| Size: |
4096
|
|
|
531E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988622549.000000000531E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
531E000
|
| Size: |
8192
|
|
|
2F4D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002F4D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F4D000
|
| Size: |
40960
|
|
|
E0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928051281.0000000000E0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E0E000
|
| Size: |
8192
|
|
|
6ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2139422781.0000000006ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6ACE000
|
| Size: |
8192
|
|
|
2B0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929230583.0000000002B0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B0E000
|
| Size: |
8192
|
|
|
6CB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2139858364.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6CB0000
|
| Size: |
8192
|
|
|
1ABCB47D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130079498.000001ABCB47D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB47D000
|
| Size: |
4096
|
|
|
1ABD0A0F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131061293.000001ABD0A0F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0A0F000
|
| Size: |
49152
|
|
|
1274000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2129501537.0000000001274000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
8192
|
|
|
980000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.927910049.0000000000980000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
980000
|
| Size: |
4096
|
|
|
43E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.904075147.000000000043E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43E000
|
| Size: |
8192
|
|
|
71C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.989561137.00000000071C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
71C0000
|
| Size: |
65536
|
|
|
4FDC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988357480.0000000004FDC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FDC000
|
| Size: |
16384
|
|
|
5B00000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.989091579.0000000005B00000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
5B00000
|
| Size: |
4096
|
|
|
52C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934280260.00000000052C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
52C5000
|
| Size: |
40960
|
|
|
6A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2140200205.0000000006A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A40000
|
| Size: |
8192
|
|
|
140000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.903590467.0000000000140000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
140000
|
| Size: |
4096
|
|
|
2DD377E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2129624305.0000002DD377E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD377E000
|
| Size: |
4096
|
|
|
3130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131775667.0000000003130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3130000
|
| Size: |
65536
|
|
|
41A5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.00000000041A5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
41A5000
|
| Size: |
4096
|
|
|
6BB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.989162733.0000000006BB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6BB4000
|
| Size: |
4096
|
|
|
10CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2129032912.00000000010CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10CE000
|
| Size: |
8192
|
|
|
480000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.904245422.0000000000480000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
480000
|
| Size: |
32768
|
|
|
1ABCB529000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130363134.000001ABCB529000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB529000
|
| Size: |
4096
|
|
|
6C90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2139543690.0000000006C90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C90000
|
| Size: |
65536
|
|
|
1ABCB443000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129960002.000001ABCB443000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB443000
|
| Size: |
90112
|
|
|
1437000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2129671371.0000000001437000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1437000
|
| Size: |
487424
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
31A5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000031A5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31A5000
|
| Size: |
16384
|
|
|
5770000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.935240161.0000000005770000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5770000
|
| Size: |
65536
|
|
|
676E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2139671987.000000000676E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
676E000
|
| Size: |
8192
|
|
|
3140000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131868273.0000000003140000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3140000
|
| Size: |
4096
|
|
|
34F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000034F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34F1000
|
| Size: |
8192
|
|
|
35F6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000035F6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35F6000
|
| Size: |
4096
|
|
|
442000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2128147179.0000000000442000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
442000
|
| Size: |
12288
|
|
|
1270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2129417183.0000000001270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1270000
|
| Size: |
8192
|
|
|
5340000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.934413751.0000000005340000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5340000
|
| Size: |
4096
|
|
|
2D60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131174150.0000000002D60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D60000
|
| Size: |
20480
|
|
|
521E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988600502.000000000521E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
521E000
|
| Size: |
8192
|
|
|
2520000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981660326.0000000002520000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2520000
|
| Size: |
4096
|
|
|
2DD337E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129461218.0000002DD337E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD337E000
|
| Size: |
8192
|
|
|
AF6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990397771.000000000AF6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AF6E000
|
| Size: |
8192
|
|
|
29F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929121657.00000000029F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29F0000
|
| Size: |
65536
|
|
|
6A80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2140499504.0000000006A80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6A80000
|
| Size: |
8192
|
|
|
2DD267B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2128717207.0000002DD267B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD267B000
|
| Size: |
20480
|
|
|
3156000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131923179.0000000003156000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3156000
|
| Size: |
8192
|
|
|
1ABD0A54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131174685.000001ABD0A54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0A54000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
307E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.000000000307E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
307E000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1290000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2129699727.0000000001290000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1290000
|
| Size: |
16384
|
|
|
13FA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2129630877.00000000013FA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13FA000
|
| Size: |
8192
|
|
|
35FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000035FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35FF000
|
| Size: |
118784
|
|
|
5082000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.932610474.0000000005082000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5082000
|
| Size: |
49152
|
|
|
13F6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2129571063.00000000013F6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13F6000
|
| Size: |
8192
|
|
|
31F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000031F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31F5000
|
| Size: |
12288
|
|
|
317F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.000000000317F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
317F000
|
| Size: |
110592
|
|
|
5E70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.935458945.0000000005E70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5E70000
|
| Size: |
73728
|
|
|
595000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980487167.0000000000595000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
595000
|
| Size: |
12288
|
|
|
2DD2AFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129013153.0000002DD2AFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD2AFE000
|
| Size: |
8192
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2128147179.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
3154000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131923179.0000000003154000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
28B0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.982140704.00000000028B0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
28B0000
|
| Size: |
4096
|
|
|
B53F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990581982.000000000B53F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B53F000
|
| Size: |
4096
|
|
|
2DD29FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2128916405.0000002DD29FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD29FE000
|
| Size: |
8192
|
|
|
2D7A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131174150.0000000002D7A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D7A000
|
| Size: |
4096
|
|
|
6630000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138691678.0000000006630000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6630000
|
| Size: |
20480
|
|
|
1ABCB4FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130288099.000001ABCB4FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB4FF000
|
| Size: |
8192
|
|
|
B98E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938725530.000000000B98E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B98E000
|
| Size: |
8192
|
|
|
52C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934280260.00000000052C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
52C0000
|
| Size: |
12288
|
|
|
1ABCBB60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130412129.000001ABCBB60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABCBB60000
|
| Size: |
4096
|
|
|
3F19000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000003F19000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F19000
|
| Size: |
180224
|
|
|
173E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2130686300.000000000173E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
173E000
|
| Size: |
8192
|
|
|
51E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.933600341.00000000051E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
51E0000
|
| Size: |
65536
|
|
|
6B10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2140907103.0000000006B10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B10000
|
| Size: |
65536
|
|
|
1ABCC480000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130670519.000001ABCC480000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABCC480000
|
| Size: |
4096
|
|
|
6CC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.989309591.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6CC0000
|
| Size: |
49152
|
|
|
1ABCB3D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129771154.000001ABCB3D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB3D0000
|
| Size: |
12288
|
|
|
2DD287B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2128815967.0000002DD287B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD287B000
|
| Size: |
20480
|
|
|
F9A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.928408951.0000000000F9A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F9A000
|
| Size: |
4096
|
|
|
564B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934691302.000000000564B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
564B000
|
| Size: |
8192
|
|
|
4FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988432235.0000000004FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FF0000
|
| Size: |
28672
|
|
|
51F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.933640300.00000000051F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51F0000
|
| Size: |
4096
|
|
|
51CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988576130.00000000051CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51CD000
|
| Size: |
12288
|
|
|
1ABCBC02000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130446947.000001ABCBC02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCBC02000
|
| Size: |
4096
|
|
|
5750000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.935107670.0000000005750000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
5750000
|
| Size: |
61440
|
|
|
1024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928573681.0000000001024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1024000
|
| Size: |
36864
|
|
|
1ABD0D50000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1208941282.000001ABD0D50000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD0D50000
|
| Size: |
4096
|
|
|
1ABCB413000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129874589.000001ABCB413000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB413000
|
| Size: |
94208
|
|
|
F92000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928374911.0000000000F92000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F92000
|
| Size: |
4096
|
|
|
1CF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.903795456.00000000001CF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1CF000
|
| Size: |
4096
|
|
|
1260000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2129370989.0000000001260000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1260000
|
| Size: |
8192
|
|
|
4224000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000004224000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4224000
|
| Size: |
16384
|
|
|
1ABD0CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131705757.000001ABD0CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD0CE0000
|
| Size: |
4096
|
|
|
1ABCBD1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1259064459.000001ABCBD1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCBD1A000
|
| Size: |
4096
|
|
|
4D30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988115549.0000000004D30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D30000
|
| Size: |
36864
|
|
|
572E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934972321.000000000572E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
572E000
|
| Size: |
8192
|
|
|
45FD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.00000000045FD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45FD000
|
| Size: |
4096
|
|
|
3237000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000003237000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3237000
|
| Size: |
4096
|
|
|
1ABCC240000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130620160.000001ABCC240000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABCC240000
|
| Size: |
4096
|
|
|
2969000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.982165971.0000000002969000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2969000
|
| Size: |
307200
|
|
|
AF2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990374265.000000000AF2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AF2E000
|
| Size: |
8192
|
|
|
4CC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987783094.0000000004CC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CC0000
|
| Size: |
65536
|
|
|
2D1C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2130967814.0000000002D1C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D1C000
|
| Size: |
16384
|
|
|
FA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928427759.0000000000FA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
FA2000
|
| Size: |
4096
|
|
|
3430000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003430000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
16CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2130477843.00000000016CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16CE000
|
| Size: |
8192
|
|
|
1435000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2129671371.0000000001435000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1435000
|
| Size: |
4096
|
|
|
2D6E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131174150.0000000002D6E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D6E000
|
| Size: |
12288
|
|
|
14E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2130834895.00000000014E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
14E0000
|
| Size: |
65536
|
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980639973.00000000005F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
16384
|
|
|
2DD2C7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2129136705.0000002DD2C7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD2C7E000
|
| Size: |
4096
|
|
|
2DD317E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2129367884.0000002DD317E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD317E000
|
| Size: |
4096
|
|
|
3234000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000003234000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3234000
|
| Size: |
8192
|
|
|
5290000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.933768468.0000000005290000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5290000
|
| Size: |
65536
|
|
|
9D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.927999827.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D0000
|
| Size: |
16384
|
|
|
1ABD0A61000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131242844.000001ABD0A61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0A61000
|
| Size: |
200704
|
|
|
2C5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929503957.0000000002C5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C5A000
|
| Size: |
335872
|
|
|
5270000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.933726055.0000000005270000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
65536
|
|
|
2504000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981545818.0000000002504000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2504000
|
| Size: |
4096
|
|
|
269E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981880127.000000000269E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
269E000
|
| Size: |
8192
|
|
|
35E3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000035E3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35E3000
|
| Size: |
4096
|
|
|
6E40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2140887956.0000000006E40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E40000
|
| Size: |
8192
|
|
|
2BF5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929371932.0000000002BF5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BF5000
|
| Size: |
45056
|
|
|
4EF8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137364487.0000000004EF8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4EF8000
|
| Size: |
4096
|
|
|
55DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934459723.00000000055DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55DD000
|
| Size: |
12288
|
|
|
4D00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987886826.0000000004D00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
5100000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.933386609.0000000005100000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5100000
|
| Size: |
65536
|
|
|
6810000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2138569001.0000000006810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6810000
|
| Size: |
315392
|
|
|
720000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.904540722.0000000000720000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
720000
|
| Size: |
16384
|
|
|
46A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.00000000046A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46A3000
|
| Size: |
20480
|
|
|
9F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980758872.00000000009F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F0000
|
| Size: |
36864
|
|
|
5B0E000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.989091579.0000000005B0E000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
5B0E000
|
| Size: |
4096
|
|
|
3530000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003530000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3530000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5830000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2137693969.0000000005830000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5830000
|
| Size: |
49152
|
|
|
5D3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2138077852.0000000005D3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D3E000
|
| Size: |
8192
|
|
|
2532000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981774067.0000000002532000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2532000
|
| Size: |
4096
|
|
|
6C8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2139502048.0000000006C8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C8E000
|
| Size: |
8192
|
|
|
3205000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000003205000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3205000
|
| Size: |
4096
|
|
|
5AF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138037163.0000000005AF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5AF0000
|
| Size: |
4096
|
|
|
5926000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988697742.0000000005926000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5926000
|
| Size: |
12288
|
|
|
4650000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004650000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4650000
|
| Size: |
8192
|
|
|
12E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2130133550.00000000012E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12E0000
|
| Size: |
28672
|
|
|
6CA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.989255218.0000000006CA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6CA0000
|
| Size: |
65536
|
|
|
5690000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2137777250.0000000005690000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5690000
|
| Size: |
4096
|
|
|
6A70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2140375516.0000000006A70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6A70000
|
| Size: |
65536
|
|
|
A25000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980758872.0000000000A25000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A25000
|
| Size: |
28672
|
|
|
1135000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2129153704.0000000001135000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1135000
|
| Size: |
12288
|
|
|
1070000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928573681.0000000001070000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1070000
|
| Size: |
143360
|
|
|
1ABCBF01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130567871.000001ABCBF01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABCBF01000
|
| Size: |
4096
|
|
|
2DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131623884.0000000002DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DA0000
|
| Size: |
4096
|
|
|
32AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132072588.00000000032AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32AE000
|
| Size: |
8192
|
|
|
E65000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928116623.0000000000E65000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E65000
|
| Size: |
16384
|
|
|
26B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981967546.00000000026B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
26B0000
|
| Size: |
4096
|
|
|
3FF2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000003FF2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FF2000
|
| Size: |
8192
|
|
|
2D8D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131174150.0000000002D8D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8D000
|
| Size: |
69632
|
|
|
17B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2130933091.00000000017B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17B0000
|
| Size: |
4096
|
|
|
4C24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987252140.0000000004C24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C24000
|
| Size: |
16384
|
|
|
B70E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938455138.000000000B70E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B70E000
|
| Size: |
8192
|
|
|
4C46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987252140.0000000004C46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C46000
|
| Size: |
16384
|
|
|
3526000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003526000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3526000
|
| Size: |
4096
|
|
|
9FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980758872.00000000009FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9FE000
|
| Size: |
155648
|
|
|
4399000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004399000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4399000
|
| Size: |
176128
|
|
|
33EB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000033EB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33EB000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1400000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2129671371.0000000001400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1400000
|
| Size: |
163840
|
|
|
6B20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2141063629.0000000006B20000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6B20000
|
| Size: |
65536
|
|
|
594B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988802061.000000000594B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
594B000
|
| Size: |
94208
|
|
|
317A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.000000000317A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
317A000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
1ABD0AEE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131387317.000001ABD0AEE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0AEE000
|
| Size: |
12288
|
|
|
3C19000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.931831960.0000000003C19000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C19000
|
| Size: |
4096
|
|
|
1ABCBC15000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130479384.000001ABCBC15000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCBC15000
|
| Size: |
4096
|
|
|
4CF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987849813.0000000004CF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CF0000
|
| Size: |
8192
|
|
|
6B80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2141570136.0000000006B80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6B80000
|
| Size: |
36864
|
|
|
59C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2138016020.00000000059C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
59C0000
|
| Size: |
4096
|
|
|
542D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137442717.000000000542D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
542D000
|
| Size: |
12288
|
|
|
14BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2129671371.00000000014BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14BD000
|
| Size: |
8192
|
|
|
6871000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2138569001.0000000006871000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6871000
|
| Size: |
12288
|
|
|
426B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.000000000426B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
426B000
|
| Size: |
12288
|
|
|
2DD33FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129495670.0000002DD33FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD33FE000
|
| Size: |
8192
|
|
|
ABAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990245744.000000000ABAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ABAF000
|
| Size: |
4096
|
|
|
F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928300310.0000000000F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F80000
|
| Size: |
8192
|
|
|
4D20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988027936.0000000004D20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D20000
|
| Size: |
4096
|
|
|
1ABD0C80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1208174731.000001ABD0C80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD0C80000
|
| Size: |
4096
|
|
|
3504000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003504000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3504000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2DD3EFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129720441.0000002DD3EFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD3EFE000
|
| Size: |
8192
|
|
|
3F97000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000003F97000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F97000
|
| Size: |
16384
|
|
|
368C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.000000000368C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
368C000
|
| Size: |
102400
|
|
|
7A1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.937219994.0000000007A1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7A1E000
|
| Size: |
8192
|
|
|
12A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2129768923.00000000012A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12A0000
|
| Size: |
4096
|
|
|
2510000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981600298.0000000002510000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2510000
|
| Size: |
8192
|
|
|
650F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2138421154.000000000650F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
650F000
|
| Size: |
4096
|
|
|
35FA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000035FA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35FA000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
1316000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2130133550.0000000001316000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1316000
|
| Size: |
499712
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
580000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980458757.0000000000580000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
580000
|
| Size: |
4096
|
|
|
3FC7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FC7000
|
| Size: |
4096
|
|
|
361F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.000000000361F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
361F000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
29EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929099820.00000000029EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29EE000
|
| Size: |
8192
|
|
|
417D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.000000000417D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
417D000
|
| Size: |
4096
|
|
|
30F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000030F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30F1000
|
| Size: |
4096
|
|
|
3685000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003685000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3685000
|
| Size: |
4096
|
|
|
3535000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003535000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3535000
|
| Size: |
172032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
423000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2128152525.0000000000423000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
423000
|
| Size: |
4096
|
|
|
2D72000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131174150.0000000002D72000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D72000
|
| Size: |
28672
|
|
|
307E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131281044.000000000307E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
307E000
|
| Size: |
45056
|
|
|
2D66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131174150.0000000002D66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D66000
|
| Size: |
8192
|
|
|
3EF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
32768
|
|
|
1ABCB4A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130079498.000001ABCB4A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB4A0000
|
| Size: |
4096
|
|
|
FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928540579.0000000000FE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
FE0000
|
| Size: |
65536
|
|
|
5671000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934691302.0000000005671000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5671000
|
| Size: |
192512
|
|
|
9B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.927977352.00000000009B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
4096
|
|
|
1ABD0AF2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131483382.000001ABD0AF2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0AF2000
|
| Size: |
4096
|
|
|
2DD237E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2128530069.0000002DD237E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD237E000
|
| Size: |
4096
|
|
|
13E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2129396481.00000000013E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13E0000
|
| Size: |
45056
|
|
|
4117000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000004117000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4117000
|
| Size: |
12288
|
|
|
1ABD0CF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131726331.000001ABD0CF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD0CF0000
|
| Size: |
4096
|
|
|
670E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2138488132.000000000670E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
670E000
|
| Size: |
8192
|
|
|
5760000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.935167407.0000000005760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5760000
|
| Size: |
4096
|
|
|
5730000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.935044978.0000000005730000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
5730000
|
| Size: |
69632
|
|
|
1ABD0C00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1206963198.000001ABD0C00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD0C00000
|
| Size: |
204800
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
38C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.986104944.00000000038C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38C1000
|
| Size: |
28672
|
|
|
407000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2128152525.0000000000407000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
407000
|
| Size: |
4096
|
|
|
713E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.989438381.000000000713E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
713E000
|
| Size: |
8192
|
|
|
6DC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2140854259.0000000006DC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6DC0000
|
| Size: |
4096
|
|
|
661C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138691678.000000000661C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
661C000
|
| Size: |
57344
|
|
|
442C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.000000000442C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
442C000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2F67000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002F67000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F67000
|
| Size: |
4096
|
|
|
1380000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928918534.0000000001380000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1380000
|
| Size: |
65536
|
|
|
B1BB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990444310.000000000B1BB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B1BB000
|
| Size: |
20480
|
|
|
1ABD0A95000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131242844.000001ABD0A95000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0A95000
|
| Size: |
167936
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
28A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.982080601.00000000028A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28A0000
|
| Size: |
65536
|
|
|
26A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.981903960.00000000026A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
26A0000
|
| Size: |
65536
|
|
|
590A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988697742.000000000590A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
590A000
|
| Size: |
4096
|
|
|
5A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980595465.00000000005A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A0000
|
| Size: |
8192
|
|
|
34F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000034F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34F5000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6D40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2140280592.0000000006D40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D40000
|
| Size: |
65536
|
|
|
342C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.000000000342C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
342C000
|
| Size: |
4096
|
|
|
9FA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980758872.00000000009FA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9FA000
|
| Size: |
8192
|
|
|
4FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988381339.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FE0000
|
| Size: |
65536
|
|
|
4C70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987599843.0000000004C70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C70000
|
| Size: |
65536
|
|
|
5550000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137684395.0000000005550000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5550000
|
| Size: |
4096
|
|
|
5EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980618013.00000000005EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EE000
|
| Size: |
8192
|
|
|
60EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138285996.00000000060EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60EE000
|
| Size: |
8192
|
|
|
5780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.935290524.0000000005780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5780000
|
| Size: |
65536
|
|
|
505B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.932610474.000000000505B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
505B000
|
| Size: |
69632
|
|
|
9EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980709665.00000000009EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9EA000
|
| Size: |
20480
|
|
|
3424000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003424000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3424000
|
| Size: |
4096
|
|
|
2CAD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929503957.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CAD000
|
| Size: |
364544
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4193000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000004193000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4193000
|
| Size: |
12288
|
|
|
1ABCB42B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129916834.000001ABCB42B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB42B000
|
| Size: |
94208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
290A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.982165971.000000000290A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
290A000
|
| Size: |
385024
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2F58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002F58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F58000
|
| Size: |
4096
|
|
|
4D50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988181808.0000000004D50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D50000
|
| Size: |
65536
|
|
|
51A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980428276.000000000051A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51A000
|
| Size: |
24576
|
|
|
18E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.903642953.000000000018E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
18E000
|
| Size: |
8192
|
|
|
3176000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000003176000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3176000
|
| Size: |
4096
|
|
|
1ABD0A40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131120828.000001ABD0A40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0A40000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
B5D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938378057.000000000B5D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B5D0000
|
| Size: |
4096
|
|
|
AAA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.980758872.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AAA000
|
| Size: |
282624
|
|
|
16D7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2130586171.00000000016D7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
16D7000
|
| Size: |
4096
|
|
|
6639000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138691678.0000000006639000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6639000
|
| Size: |
8192
|
|
|
C20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.952329602.0000000000C20000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
4096
|
|
|
412000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2128147179.0000000000412000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
412000
|
| Size: |
4096
|
|
|
6A30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2140105173.0000000006A30000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6A30000
|
| Size: |
65536
|
|
|
13C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2129139403.00000000013C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13C0000
|
| Size: |
8192
|
|
|
5E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.935458945.0000000005E60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5E60000
|
| Size: |
4096
|
|
|
2F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F90000
|
| Size: |
4096
|
|
|
1ABD0D50000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1208924903.000001ABD0D50000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD0D50000
|
| Size: |
4096
|
|
|
5543000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137609905.0000000005543000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5543000
|
| Size: |
8192
|
|
|
10D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2129078801.00000000010D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D0000
|
| Size: |
8192
|
|
|
685E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2138569001.000000000685E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
685E000
|
| Size: |
69632
|
|
|
109F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928573681.000000000109F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
109F000
|
| Size: |
4096
|
|
|
4371000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004371000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4371000
|
| Size: |
32768
|
|
|
6ECE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.989384336.0000000006ECE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6ECE000
|
| Size: |
8192
|
|
|
48B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.904245422.000000000048B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48B000
|
| Size: |
49152
|
|
|
1760000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2130852218.0000000001760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1760000
|
| Size: |
16384
|
|
|
34F7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000034F7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34F7000
|
| Size: |
4096
|
|
|
ACF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990318073.000000000ACF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ACF0000
|
| Size: |
4096
|
|
|
16D5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2130564262.00000000016D5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
16D5000
|
| Size: |
4096
|
|
|
315C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.000000000315C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
315C000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
1ABD1000000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131813417.000001ABD1000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD1000000
|
| Size: |
4096
|
|
|
B80E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938488289.000000000B80E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B80E000
|
| Size: |
8192
|
|
|
F57000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2128897370.0000000000F57000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F57000
|
| Size: |
36864
|
|
|
A9AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990201810.000000000A9AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A9AE000
|
| Size: |
8192
|
|
|
6B50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2141505116.0000000006B50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B50000
|
| Size: |
32768
|
|
|
2D07000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929503957.0000000002D07000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D07000
|
| Size: |
45056
|
|
|
2513000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981622196.0000000002513000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2513000
|
| Size: |
12288
|
|
|
6A2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2140050548.0000000006A2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6A2F000
|
| Size: |
4096
|
|
|
2F41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002F41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F41000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5540000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137609905.0000000005540000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5540000
|
| Size: |
4096
|
|
|
1ABD09F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1207355810.000001ABD09F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD09F4000
|
| Size: |
4096
|
|
|
DA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.903520741.00000000000DA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DA000
|
| Size: |
24576
|
|
|
13CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2130757542.00000000013CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13CC000
|
| Size: |
77824
|
|
|
1ABCC560000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2130712133.000001ABCC560000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
1ABCC560000
|
| Size: |
65536
|
|
|
441000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2128152525.0000000000441000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
441000
|
| Size: |
4096
|
|
|
1ABD09F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1207355810.000001ABD09F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD09F0000
|
| Size: |
4096
|
|
|
3157000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000003157000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3157000
|
| Size: |
8192
|
|
|
6B30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2141134096.0000000006B30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B30000
|
| Size: |
4096
|
|
|
4507000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004507000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
12288
|
|
|
4C4D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987252140.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C4D000
|
| Size: |
16384
|
|
|
717E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.989464038.000000000717E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
717E000
|
| Size: |
8192
|
|
|
36AF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000036AF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36AF000
|
| Size: |
12288
|
|
|
4101000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000004101000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4101000
|
| Size: |
4096
|
|
|
1D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.903920201.00000000001D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0000
|
| Size: |
4096
|
|
|
322F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.000000000322F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
322F000
|
| Size: |
12288
|
|
|
3207000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000003207000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3207000
|
| Size: |
12288
|
|
|
5110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.933433689.0000000005110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5110000
|
| Size: |
4096
|
|
|
1ABCC901000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130878874.000001ABCC901000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABCC901000
|
| Size: |
4096
|
|
|
2DD387B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129667661.0000002DD387B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD387B000
|
| Size: |
20480
|
|
|
4C90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987726071.0000000004C90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C90000
|
| Size: |
65536
|
|
|
75C0000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.936236499.00000000075C0000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
75C0000
|
| Size: |
557056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
2F6B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002F6B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F6B000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3418000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003418000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3418000
|
| Size: |
4096
|
|
|
65B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138691678.00000000065B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
65B0000
|
| Size: |
380928
|
|
|
5D40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2138113360.0000000005D40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5D40000
|
| Size: |
65536
|
|
|
17B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2130933091.00000000017B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17B4000
|
| Size: |
49152
|
|
|
71B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.989540044.00000000071B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71B0000
|
| Size: |
4096
|
|
|
2DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131767001.0000000002DB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DB0000
|
| Size: |
65536
|
|
|
2F98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002F98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F98000
|
| Size: |
4096
|
|
|
B3FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990529122.000000000B3FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3FF000
|
| Size: |
4096
|
|
|
B5CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938250047.000000000B5CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B5CD000
|
| Size: |
12288
|
|
|
2550000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981840357.0000000002550000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2550000
|
| Size: |
4096
|
|
|
B84E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938537490.000000000B84E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B84E000
|
| Size: |
8192
|
|
|
5120000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.933489806.0000000005120000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5120000
|
| Size: |
36864
|
|
|
2CDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2130935025.0000000002CDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CDE000
|
| Size: |
8192
|
|
|
6D0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.989351154.0000000006D0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D0E000
|
| Size: |
8192
|
|
|
4D3A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988115549.0000000004D3A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D3A000
|
| Size: |
24576
|
|
|
564E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934691302.000000000564E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
564E000
|
| Size: |
57344
|
|
|
3076000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131281044.0000000003076000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3076000
|
| Size: |
8192
|
|
|
1ABD0B04000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131590690.000001ABD0B04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0B04000
|
| Size: |
8192
|
|
|
12E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2130133550.00000000012E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12E8000
|
| Size: |
135168
|
|
|
2FD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002FD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FD8000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4FF8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988432235.0000000004FF8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FF8000
|
| Size: |
32768
|
|
|
2503000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.981524585.0000000002503000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2503000
|
| Size: |
4096
|
|
|
440000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2128147179.0000000000440000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
440000
|
| Size: |
4096
|
|
|
29B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.982165971.00000000029B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29B5000
|
| Size: |
12288
|
|
|
3632000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003632000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3632000
|
| Size: |
229376
|
|
|
3570000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003570000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3570000
|
| Size: |
4096
|
|
|
2B18000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929259315.0000000002B18000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B18000
|
| Size: |
4096
|
|
|
34FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000034FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34FF000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
59DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137849379.00000000059DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59DF000
|
| Size: |
4096
|
|
|
2FAC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002FAC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FAC000
|
| Size: |
4096
|
|
|
341C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.000000000341C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
341C000
|
| Size: |
4096
|
|
|
12B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2129913563.00000000012B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12B0000
|
| Size: |
4096
|
|
|
3C11000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.931831960.0000000003C11000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C11000
|
| Size: |
28672
|
|
|
4597000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004597000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4597000
|
| Size: |
12288
|
|
|
320C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.000000000320C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
320C000
|
| Size: |
102400
|
|
|
30A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000030A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30A1000
|
| Size: |
8192
|
|
|
590C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988697742.000000000590C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
590C000
|
| Size: |
8192
|
|
|
12BB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2130074481.00000000012BB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12BB000
|
| Size: |
4096
|
|
|
CF7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928024255.0000000000CF7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CF7000
|
| Size: |
36864
|
|
|
1ABCB47B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129984170.000001ABCB47B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB47B000
|
| Size: |
4096
|
|
|
5A00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.989011789.0000000005A00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A00000
|
| Size: |
4096
|
|
|
58DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137811806.00000000058DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
58DF000
|
| Size: |
4096
|
|
|
4653000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004653000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4653000
|
| Size: |
12288
|
|
|
5090000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.933261742.0000000005090000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5090000
|
| Size: |
65536
|
|
|
3F71000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000003F71000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F71000
|
| Size: |
16384
|
|
|
2FA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002FA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FA4000
|
| Size: |
4096
|
|
|
2DD189B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2128153845.0000002DD189B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD189B000
|
| Size: |
20480
|
|
|
6B00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2140751273.0000000006B00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B00000
|
| Size: |
4096
|
|
|
BEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981359844.0000000000BEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BEE000
|
| Size: |
8192
|
|
|
3143000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131868273.0000000003143000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3143000
|
| Size: |
8192
|
|
|
C6E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.952349158.0000000000C6E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C6E000
|
| Size: |
8192
|
|
|
2DD2A7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2128968626.0000002DD2A7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD2A7E000
|
| Size: |
4096
|
|
|
F8D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.928342726.0000000000F8D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F8D000
|
| Size: |
4096
|
|
|
4C64000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987497863.0000000004C64000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C64000
|
| Size: |
4096
|
|
|
1ABD09B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1207091158.000001ABD09B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD09B0000
|
| Size: |
4096
|
|
|
4D0C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.932583898.0000000004D0C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D0C000
|
| Size: |
16384
|
|
|
3091000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131281044.0000000003091000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3091000
|
| Size: |
16384
|
|
|
2DD31FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129398551.0000002DD31FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD31FE000
|
| Size: |
8192
|
|
|
506E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.932610474.000000000506E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
506E000
|
| Size: |
8192
|
|
|
50C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.933315316.00000000050C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50C0000
|
| Size: |
65536
|
|
|
532B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934381991.000000000532B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
532B000
|
| Size: |
20480
|
|
|
17E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131144083.00000000017E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17E8000
|
| Size: |
4096
|
|
|
4581000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004581000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4581000
|
| Size: |
4096
|
|
|
1ABD0AC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131387317.000001ABD0AC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0AC4000
|
| Size: |
65536
|
|
|
1ABCB45B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129984170.000001ABCB45B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB45B000
|
| Size: |
69632
|
|
|
51F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.933640300.00000000051F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51F3000
|
| Size: |
8192
|
|
|
367A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.000000000367A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
367A000
|
| Size: |
16384
|
|
|
2CF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.952384764.0000000002CF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CF0000
|
| Size: |
32768
|
|
|
6D80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2140735194.0000000006D80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D80000
|
| Size: |
32768
|
|
|
5CFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2138042652.0000000005CFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5CFF000
|
| Size: |
4096
|
|
|
16D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2130511016.00000000016D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16D0000
|
| Size: |
4096
|
|
|
779E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.937061624.000000000779E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
779E000
|
| Size: |
8192
|
|
|
622E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138369046.000000000622E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
622E000
|
| Size: |
8192
|
|
|
12A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2129802112.00000000012A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12A2000
|
| Size: |
4096
|
|
|
B7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.951450426.0000000000B7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B7D000
|
| Size: |
12288
|
|
|
6CC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2139902099.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6CC0000
|
| Size: |
65536
|
|
|
B4CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938212266.000000000B4CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B4CF000
|
| Size: |
4096
|
|
|
66EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2139491878.00000000066EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
66EE000
|
| Size: |
8192
|
|
|
F70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928200783.0000000000F70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F70000
|
| Size: |
8192
|
|
|
43DC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.00000000043DC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43DC000
|
| Size: |
4096
|
|
|
3242000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000003242000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3242000
|
| Size: |
376832
|
|
|
33CD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000033CD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33CD000
|
| Size: |
40960
|
|
|
3074000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000003074000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3074000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.903375098.000000000009D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9D000
|
| Size: |
12288
|
|
|
139A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929005921.000000000139A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
139A000
|
| Size: |
20480
|
|
|
2DD2F7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2129296726.0000002DD2F7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD2F7E000
|
| Size: |
4096
|
|
|
1130000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2129153704.0000000001130000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1130000
|
| Size: |
16384
|
|
|
BD0C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938854798.000000000BD0C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BD0C000
|
| Size: |
16384
|
|
|
4417000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004417000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4417000
|
| Size: |
16384
|
|
|
43F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.00000000043F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43F1000
|
| Size: |
16384
|
|
|
507D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.932610474.000000000507D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
507D000
|
| Size: |
16384
|
|
|
4625000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004625000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4625000
|
| Size: |
4096
|
|
|
13C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2129252513.00000000013C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13C4000
|
| Size: |
8192
|
|
|
6A90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2140542736.0000000006A90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6A90000
|
| Size: |
65536
|
|
|
4472000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004472000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4472000
|
| Size: |
8192
|
|
|
561D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934551943.000000000561D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
561D000
|
| Size: |
8192
|
|
|
2DD2DFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129177371.0000002DD2DFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD2DFE000
|
| Size: |
8192
|
|
|
36B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000036B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36B7000
|
| Size: |
4096
|
|
|
17D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131114800.00000000017D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D0000
|
| Size: |
4096
|
|
|
1ABCB4B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130079498.000001ABCB4B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB4B5000
|
| Size: |
32768
|
|
|
694D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2139272399.000000000694D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
694D000
|
| Size: |
12288
|
|
|
1ABCB479000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129984170.000001ABCB479000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB479000
|
| Size: |
4096
|
|
|
6B8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2139451419.0000000006B8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B8E000
|
| Size: |
8192
|
|
|
1390000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.929005921.0000000001390000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1390000
|
| Size: |
32768
|
|
|
57ED000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2137540003.00000000057ED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57ED000
|
| Size: |
12288
|
|
|
4439000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.931831960.0000000004439000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4439000
|
| Size: |
180224
|
|
|
4D22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988027936.0000000004D22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D22000
|
| Size: |
57344
|
|
|
1ABCBD00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130502210.000001ABCBD00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCBD00000
|
| Size: |
4096
|
|
|
2DD1E77000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2128233969.0000002DD1E77000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD1E77000
|
| Size: |
36864
|
|
|
6637000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138691678.0000000006637000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6637000
|
| Size: |
4096
|
|
|
498000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.904245422.0000000000498000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
498000
|
| Size: |
45056
|
|
|
253B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.981818578.000000000253B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
253B000
|
| Size: |
4096
|
|
|
4D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988288045.0000000004D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D73000
|
| Size: |
8192
|
|
|
2DD297E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2128870687.0000002DD297E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD297E000
|
| Size: |
4096
|
|
|
1ABD0A4D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131174685.000001ABD0A4D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0A4D000
|
| Size: |
16384
|
|
|
41D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.00000000041D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
41D0000
|
| Size: |
8192
|
|
|
692E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2139985463.000000000692E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
692E000
|
| Size: |
8192
|
|
|
424000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2128147179.0000000000424000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
424000
|
| Size: |
4096
|
|
|
418000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2128152525.0000000000418000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
418000
|
| Size: |
4096
|
|
|
2DD347E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2129526064.0000002DD347E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD347E000
|
| Size: |
4096
|
|
|
70FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.989411598.00000000070FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
70FE000
|
| Size: |
8192
|
|
|
1429000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2129671371.0000000001429000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1429000
|
| Size: |
16384
|
|
|
1ABCB495000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130079498.000001ABCB495000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB495000
|
| Size: |
40960
|
|
|
3FAC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000003FAC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FAC000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2DD397E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2129703054.0000002DD397E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD397E000
|
| Size: |
4096
|
|
|
14EF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2130387804.00000000014EF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14EF000
|
| Size: |
65536
|
|
|
FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928490205.0000000000FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
FC0000
|
| Size: |
4096
|
|
|
5D50000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2138238286.0000000005D50000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5D50000
|
| Size: |
65536
|
|
|
1ABCB3F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2129799960.000001ABCB3F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB3F0000
|
| Size: |
4096
|
|
|
1ABD0B0A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1259747430.000001ABD0B0A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABD0B0A000
|
| Size: |
12288
|
|
|
4087000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000004087000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4087000
|
| Size: |
12288
|
|
|
1ABCB6D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130385009.000001ABCB6D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB6D0000
|
| Size: |
4096
|
|
|
29B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.982165971.00000000029B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29B9000
|
| Size: |
36864
|
|
|
5A10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.989011789.0000000005A10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A10000
|
| Size: |
65536
|
|
|
35EC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000035EC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35EC000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
13ED000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2129447433.00000000013ED000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13ED000
|
| Size: |
4096
|
|
|
2530000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981754046.0000000002530000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2530000
|
| Size: |
4096
|
|
|
14F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2130893266.00000000014F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F0000
|
| Size: |
20480
|
|
|
B2FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990499376.000000000B2FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B2FD000
|
| Size: |
12288
|
|
|
1370000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2129034483.0000000001370000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1370000
|
| Size: |
8192
|
|
|
5668000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.934691302.0000000005668000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5668000
|
| Size: |
32768
|
|
|
3070000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131281044.0000000003070000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3070000
|
| Size: |
20480
|
|
|
1ABCB4A7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130079498.000001ABCB4A7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB4A7000
|
| Size: |
32768
|
|
|
30AF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000030AF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30AF000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4402000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004402000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4402000
|
| Size: |
4096
|
|
|
3096000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131281044.0000000003096000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3096000
|
| Size: |
16384
|
|
|
3625000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003625000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3625000
|
| Size: |
16384
|
|
|
4437000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004437000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4437000
|
| Size: |
8192
|
|
|
18BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131177832.00000000018BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
18BC000
|
| Size: |
16384
|
|
|
4C20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987252140.0000000004C20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C20000
|
| Size: |
12288
|
|
|
FAB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.928469970.0000000000FAB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
FAB000
|
| Size: |
4096
|
|
|
3410000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.0000000003410000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3410000
|
| Size: |
4096
|
|
|
4C3E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987252140.0000000004C3E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C3E000
|
| Size: |
8192
|
|
|
919000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.927792613.0000000000919000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
919000
|
| Size: |
28672
|
|
|
13F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2129486322.00000000013F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13F0000
|
| Size: |
4096
|
|
|
5020000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988556697.0000000005020000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2128990141.0000000000FB0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FB0000
|
| Size: |
4096
|
|
|
BE4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938973479.000000000BE4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BE4E000
|
| Size: |
8192
|
|
|
6A60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2140319093.0000000006A60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A60000
|
| Size: |
4096
|
|
|
31AC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000031AC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31AC000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
13D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2129336554.00000000013D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13D0000
|
| Size: |
16384
|
|
|
36B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000036B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36B5000
|
| Size: |
4096
|
|
|
252A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.981731457.000000000252A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
252A000
|
| Size: |
4096
|
|
|
68EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2139878350.00000000068EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
68EF000
|
| Size: |
4096
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2128152525.0000000000402000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
402000
|
| Size: |
16384
|
|
|
17AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2130896129.00000000017AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17AE000
|
| Size: |
8192
|
|
|
632E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2138415462.000000000632E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
632E000
|
| Size: |
8192
|
|
|
2DD277E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2128768537.0000002DD277E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD277E000
|
| Size: |
4096
|
|
|
884000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.887766945.0000000000884000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
884000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
6D70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2140649229.0000000006D70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D70000
|
| Size: |
40960
|
|
|
D2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981402453.0000000000D2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D2E000
|
| Size: |
8192
|
|
|
BD4D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.938926989.000000000BD4D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BD4D000
|
| Size: |
12288
|
|
|
35D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000035D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35D8000
|
| Size: |
4096
|
|
|
3239000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000003239000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3239000
|
| Size: |
4096
|
|
|
7D0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.887750934.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7D0000
|
| Size: |
4096
|
|
|
30A7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.00000000030A7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30A7000
|
| Size: |
4096
|
|
|
1740000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2130730708.0000000001740000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1740000
|
| Size: |
65536
|
|
|
1ABD0D00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2131774136.000001ABD0D00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD0D00000
|
| Size: |
4096
|
|
|
ABED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990269671.000000000ABED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ABED000
|
| Size: |
12288
|
|
|
362C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.000000000362C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
362C000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
2DD327E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2129430326.0000002DD327E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2DD327E000
|
| Size: |
4096
|
|
|
1030000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928573681.0000000001030000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1030000
|
| Size: |
4096
|
|
|
4C2B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987252140.0000000004C2B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C2B000
|
| Size: |
69632
|
|
|
10C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928573681.00000000010C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10C8000
|
| Size: |
159744
|
|
|
308E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131281044.000000000308E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
308E000
|
| Size: |
4096
|
|
|
413000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2128152525.0000000000413000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
413000
|
| Size: |
16384
|
|
|
5071000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.932610474.0000000005071000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5071000
|
| Size: |
16384
|
|
|
582D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2137632158.000000000582D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
582D000
|
| Size: |
12288
|
|
|
2DD227C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2128465950.0000002DD227C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DD227C000
|
| Size: |
16384
|
|
|
E4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928072393.0000000000E4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E4E000
|
| Size: |
8192
|
|
|
29C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.982165971.00000000029C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29C4000
|
| Size: |
4182016
|
|
|
437000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2128152525.0000000000437000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
437000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
|
583D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2137693969.000000000583D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
583D000
|
| Size: |
12288
|
|
|
1ABCC920000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130896242.000001ABCC920000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABCC920000
|
| Size: |
4096
|
|
|
1ABCC5A0000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2130821311.000001ABCC5A0000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
1ABCC5A0000
|
| Size: |
65536
|
|
|
698F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2139333019.000000000698F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
698F000
|
| Size: |
4096
|
|
|
5AE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2137902505.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5AE4000
|
| Size: |
4096
|
|
|
5E98000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.935458945.0000000005E98000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5E98000
|
| Size: |
4096
|
|
|
1ABD0930000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130954824.000001ABD0930000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1ABD0930000
|
| Size: |
4096
|
|
|
1320000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2128947133.0000000001320000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1320000
|
| Size: |
4096
|
|
|
71E2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.936070093.00000000071E2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71E2000
|
| Size: |
32768
|
|
|
3FB7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2135952590.0000000003FB7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB7000
|
| Size: |
8192
|
|
|
4684000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004684000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4684000
|
| Size: |
16384
|
|
|
6C00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2141775354.0000000006C00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C00000
|
| Size: |
8192
|
|
|
5900000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988697742.0000000005900000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5900000
|
| Size: |
36864
|
|
|
F83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928319702.0000000000F83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F83000
|
| Size: |
28672
|
|
|
990000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.927931131.0000000000990000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
990000
|
| Size: |
8192
|
|
|
4C52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.987252140.0000000004C52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C52000
|
| Size: |
49152
|
|
|
31B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.952451524.00000000031B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31B0000
|
| Size: |
24576
|
|
|
319F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.000000000319F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
319F000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
259E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.981861897.000000000259E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
259E000
|
| Size: |
8192
|
|
|
6D67000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2140524648.0000000006D67000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D67000
|
| Size: |
36864
|
|
|
5320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.988643696.0000000005320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5320000
|
| Size: |
65536
|
|
|
316C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.000000000316C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
316C000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
2FFB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002FFB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FFB000
|
| Size: |
438272
|
|
|
1ABCB491000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2130079498.000001ABCB491000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1ABCB491000
|
| Size: |
8192
|
|
|
7D2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.887766945.00000000007D2000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7D2000
|
| Size: |
724992
|
|
|
2D6B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131174150.0000000002D6B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D6B000
|
| Size: |
8192
|
|
|
2FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2132002776.0000000002FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FB0000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
F6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928163575.0000000000F6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F6E000
|
| Size: |
8192
|
|
|
512A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.933489806.000000000512A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
512A000
|
| Size: |
24576
|
|
|
251D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.981642563.000000000251D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
251D000
|
| Size: |
4096
|
|
|
33D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.00000000033D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33D8000
|
| Size: |
8192
|
|
|
596E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2137909743.000000000596E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
596E000
|
| Size: |
8192
|
|
|
16DB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2130604470.00000000016DB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
16DB000
|
| Size: |
4096
|
|
|
46EB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.00000000046EB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46EB000
|
| Size: |
12288
|
|
|
4475000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2136263822.0000000004475000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4475000
|
| Size: |
12288
|
|
|
2DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131941226.0000000002DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DE0000
|
| Size: |
4096
|
|
|
79DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.937158602.00000000079DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
79DE000
|
| Size: |
8192
|
|
|
5790000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.935342242.0000000005790000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5790000
|
| Size: |
65536
|
|
|
B2BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.990472315.000000000B2BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B2BC000
|
| Size: |
16384
|
|
|
309D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131281044.000000000309D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
309D000
|
| Size: |
69632
|
|
|
17C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2131025643.00000000017C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17C0000
|
| Size: |
65536
|
|
|
2EEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2131970761.0000000002EEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EEE000
|
| Size: |
8192
|
|
|
367F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2132100391.000000000367F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
367F000
|
| Size: |
4096
|
|
|
F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.928358672.0000000000F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F90000
|
| Size: |
4096
|
|
