|
2941000
|
trusted library allocation
|
page read and write
|
 |
|
|
| Name: |
00000000.00000002.1060739593.0000000002941000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2941000
|
| Size: |
1146880
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Costura Assembly Loader |
Data Obfuscation |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2441000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002441000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2441000
|
| Size: |
1220608
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Costura Assembly Loader |
Data Obfuscation |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
2310000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3510377398.0000000002310000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
2310000
|
| Size: |
299008
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
5DC0000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1074115161.0000000005DC0000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
5DC0000
|
| Size: |
471040
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Costura Assembly Loader |
Data Obfuscation |
|
|
|
3601000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003601000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3601000
|
| Size: |
311296
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5980000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3520348253.0000000005980000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
5980000
|
| Size: |
290816
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
25C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.00000000025C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25C1000
|
| Size: |
311296
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
21DF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3507858654.00000000021DF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21DF000
|
| Size: |
565248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
6070000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3526864286.0000000006070000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6070000
|
| Size: |
65536
|
|
|
294A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000294A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
294A000
|
| Size: |
4096
|
|
|
606A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3526752012.000000000606A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
606A000
|
| Size: |
4096
|
|
|
2E21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E21000
|
| Size: |
4096
|
|
|
256E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000256E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
256E000
|
| Size: |
4096
|
|
|
2DE7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DE7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DE7000
|
| Size: |
4096
|
|
|
2D33000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D33000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D33000
|
| Size: |
4096
|
|
|
2E9B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E9B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E9B000
|
| Size: |
4096
|
|
|
62D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3524695678.00000000062D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
62D0000
|
| Size: |
65536
|
|
|
15E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506480239.00000000015E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15E0000
|
| Size: |
28672
|
|
|
275B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000275B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
275B000
|
| Size: |
4096
|
|
|
348B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1213174586.000000000348B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
348B000
|
| Size: |
4096
|
|
|
5A05000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1223342911.0000000005A05000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5A05000
|
| Size: |
36864
|
|
|
6C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3525029095.0000000006C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C1E000
|
| Size: |
8192
|
|
|
2906000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002906000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2906000
|
| Size: |
4096
|
|
|
3941000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1070637470.0000000003941000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3941000
|
| Size: |
163840
|
|
|
840000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1193792564.0000000000840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
840000
|
| Size: |
4096
|
|
|
2885000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002885000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2885000
|
| Size: |
4096
|
|
|
258D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000258D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
258D000
|
| Size: |
4096
|
|
|
3878000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003878000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3878000
|
| Size: |
4096
|
|
|
392D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.000000000392D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
392D000
|
| Size: |
8192
|
|
|
2BD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BD0000
|
| Size: |
4096
|
|
|
2907000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002907000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2907000
|
| Size: |
4096
|
|
|
2834000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002834000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2834000
|
| Size: |
4096
|
|
|
6110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3527430561.0000000006110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6110000
|
| Size: |
32768
|
|
|
2DB3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DB3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DB3000
|
| Size: |
12288
|
|
|
2E97000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E97000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E97000
|
| Size: |
4096
|
|
|
2C39000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C39000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C39000
|
| Size: |
4096
|
|
|
2BBB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BBB000
|
| Size: |
4096
|
|
|
38A9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000038A9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38A9000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
5790000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1221789196.0000000005790000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5790000
|
| Size: |
65536
|
|
|
2A368660000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1180501761.000002A368660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A368660000
|
| Size: |
16384
|
|
|
3018000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000003018000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3018000
|
| Size: |
4096
|
|
|
24B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3511970902.00000000024B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24B0000
|
| Size: |
16384
|
|
|
26B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26B5000
|
| Size: |
4096
|
|
|
25CD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025CD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25CD000
|
| Size: |
57344
|
|
|
267A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000267A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
267A000
|
| Size: |
4096
|
|
|
249D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3511075343.000000000249D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
249D000
|
| Size: |
16384
|
|
|
2C52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C52000
|
| Size: |
4096
|
|
|
2E7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E7E000
|
| Size: |
4096
|
|
|
EC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060432019.0000000000EC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EC0000
|
| Size: |
4096
|
|
|
258B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000258B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
258B000
|
| Size: |
4096
|
|
|
304A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.000000000304A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
304A000
|
| Size: |
4096
|
|
|
283C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000283C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
283C000
|
| Size: |
4096
|
|
|
6EF0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3525355723.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6EF0000
|
| Size: |
65536
|
|
|
C66000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1059477063.0000000000C66000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C66000
|
| Size: |
8192
|
|
|
5510000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1221394661.0000000005510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5510000
|
| Size: |
323584
|
|
|
15BB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3506399319.00000000015BB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
15BB000
|
| Size: |
4096
|
|
|
2F89000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F89000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F89000
|
| Size: |
65536
|
|
|
2460000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3511029881.0000000002460000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2460000
|
| Size: |
4096
|
|
|
299B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000299B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
299B000
|
| Size: |
4096
|
|
|
3859000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003859000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3859000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
5D12000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3522655919.0000000005D12000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D12000
|
| Size: |
45056
|
|
|
426000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3504497907.0000000000426000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
426000
|
| Size: |
4096
|
|
|
2AA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002AA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AA0000
|
| Size: |
12288
|
|
|
21B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3507721675.00000000021B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21B0000
|
| Size: |
4096
|
|
|
5946000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3519852224.0000000005946000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5946000
|
| Size: |
8192
|
|
|
2A88000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A88000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A88000
|
| Size: |
4096
|
|
|
884000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1195342991.0000000000884000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
884000
|
| Size: |
4096
|
|
|
2FA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002FA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FA4000
|
| Size: |
4096
|
|
|
2CB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CB2000
|
| Size: |
4096
|
|
|
CC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059627519.0000000000CC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CC0000
|
| Size: |
24576
|
|
|
7057000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3526508241.0000000007057000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7057000
|
| Size: |
36864
|
|
|
26C6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026C6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26C6000
|
| Size: |
28672
|
|
|
2EA1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EA1000
|
| Size: |
49152
|
|
|
3696000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003696000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3696000
|
| Size: |
4096
|
|
|
298B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000298B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
298B000
|
| Size: |
12288
|
|
|
6F20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3525616818.0000000006F20000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6F20000
|
| Size: |
65536
|
|
|
39DD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000039DD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39DD000
|
| Size: |
4096
|
|
|
2A1B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A1B000
|
| Size: |
4096
|
|
|
2734000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002734000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2734000
|
| Size: |
4096
|
|
|
49A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1219892745.00000000049A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49A0000
|
| Size: |
65536
|
|
|
595A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3519852224.000000000595A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
595A000
|
| Size: |
4096
|
|
|
2751000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002751000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2751000
|
| Size: |
4096
|
|
|
529E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1221131108.000000000529E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
529E000
|
| Size: |
8192
|
|
|
2839000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002839000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2839000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
2624000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002624000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2624000
|
| Size: |
4096
|
|
|
2B89000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B89000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B89000
|
| Size: |
4096
|
|
|
2D7D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D7D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D7D000
|
| Size: |
4096
|
|
|
4AD2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3523297204.0000000004AD2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AD2000
|
| Size: |
69632
|
|
|
2824000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002824000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2824000
|
| Size: |
4096
|
|
|
26E7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026E7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26E7000
|
| Size: |
4096
|
|
|
248E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3511075343.000000000248E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
248E000
|
| Size: |
4096
|
|
|
F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060599265.0000000000F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F3E000
|
| Size: |
8192
|
|
|
6BDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3524999655.0000000006BDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6BDF000
|
| Size: |
4096
|
|
|
36B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000036B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36B5000
|
| Size: |
172032
|
|
|
882000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1194091024.0000000000882000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
882000
|
| Size: |
4096
|
|
|
2EDF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EDF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EDF000
|
| Size: |
4096
|
|
|
2AC3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AC3000
|
| Size: |
4096
|
|
|
29F3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029F3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29F3000
|
| Size: |
12288
|
|
|
70A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3526923854.00000000070A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70A0000
|
| Size: |
4096
|
|
|
2ABB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002ABB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ABB000
|
| Size: |
4096
|
|
|
54AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071631168.00000000054AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54AE000
|
| Size: |
8192
|
|
|
2738000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002738000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2738000
|
| Size: |
4096
|
|
|
3850000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003850000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3850000
|
| Size: |
4096
|
|
|
2C3D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C3D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C3D000
|
| Size: |
4096
|
|
|
2936000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002936000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2936000
|
| Size: |
45056
|
|
|
4683000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.0000000004683000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4683000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5850000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222234763.0000000005850000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5850000
|
| Size: |
16384
|
|
|
26B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26B3000
|
| Size: |
4096
|
|
|
590D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222809144.000000000590D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
590D000
|
| Size: |
4096
|
|
|
375A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.000000000375A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
375A000
|
| Size: |
12288
|
|
|
780000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059198677.0000000000780000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
780000
|
| Size: |
4096
|
|
|
6EE0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3525257728.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6EE0000
|
| Size: |
65536
|
|
|
2A4D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A4D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A4D000
|
| Size: |
4096
|
|
|
2CB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CB0000
|
| Size: |
4096
|
|
|
3873000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003873000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3873000
|
| Size: |
4096
|
|
|
2976000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002976000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2976000
|
| Size: |
4096
|
|
|
393C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.000000000393C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
393C000
|
| Size: |
8192
|
|
|
519E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1221090449.000000000519E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
519E000
|
| Size: |
8192
|
|
|
38F3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000038F3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38F3000
|
| Size: |
8192
|
|
|
5966000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3519852224.0000000005966000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5966000
|
| Size: |
16384
|
|
|
2B03000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B03000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B03000
|
| Size: |
4096
|
|
|
2D98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D98000
|
| Size: |
4096
|
|
|
3988000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1070637470.0000000003988000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3988000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2378000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3510808845.0000000002378000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2378000
|
| Size: |
4096
|
|
|
2AA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002AA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AA4000
|
| Size: |
4096
|
|
|
2E7C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E7C000
|
| Size: |
4096
|
|
|
5D90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1073994361.0000000005D90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5D90000
|
| Size: |
61440
|
|
|
2626000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002626000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2626000
|
| Size: |
4096
|
|
|
38AF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000038AF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38AF000
|
| Size: |
229376
|
|
|
501E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071384119.000000000501E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
501E000
|
| Size: |
8192
|
|
|
7D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1193121760.00000000007D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D7000
|
| Size: |
12288
|
|
|
2E9D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E9D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E9D000
|
| Size: |
4096
|
|
|
157D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3505769084.000000000157D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
157D000
|
| Size: |
4096
|
|
|
27D1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027D1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27D1000
|
| Size: |
4096
|
|
|
5DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1074073290.0000000005DB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5DB0000
|
| Size: |
65536
|
|
|
2A30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A30000
|
| Size: |
4096
|
|
|
13C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3505128856.00000000013C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C0000
|
| Size: |
4096
|
|
|
25E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25E4000
|
| Size: |
4096
|
|
|
2570000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002570000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2570000
|
| Size: |
4096
|
|
|
2698000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002698000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2698000
|
| Size: |
4096
|
|
|
26C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26C1000
|
| Size: |
8192
|
|
|
511E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071430707.000000000511E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
511E000
|
| Size: |
8192
|
|
|
2ED7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ED7000
|
| Size: |
4096
|
|
|
2A36000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A36000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A36000
|
| Size: |
4096
|
|
|
2978000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002978000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2978000
|
| Size: |
4096
|
|
|
4FDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1221020178.0000000004FDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FDE000
|
| Size: |
8192
|
|
|
4948000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071113666.0000000004948000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4948000
|
| Size: |
8192
|
|
|
3288000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3510366185.0000000003288000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3288000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2E08000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E08000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E08000
|
| Size: |
4096
|
|
|
2F03000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F03000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F03000
|
| Size: |
28672
|
|
|
E8803FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1179792914.000000E8803FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E8803FE000
|
| Size: |
8192
|
|
|
5B20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1072742075.0000000005B20000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5B20000
|
| Size: |
32768
|
|
|
3679000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003679000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3679000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
29C5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029C5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29C5000
|
| Size: |
4096
|
|
|
3934000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003934000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3934000
|
| Size: |
4096
|
|
|
2A9C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A9C000
|
| Size: |
4096
|
|
|
2719000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002719000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2719000
|
| Size: |
4096
|
|
|
21AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3507667760.00000000021AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
21AC000
|
| Size: |
16384
|
|
|
2801000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002801000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2801000
|
| Size: |
4096
|
|
|
2953000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002953000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2953000
|
| Size: |
4096
|
|
|
265C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000265C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
265C000
|
| Size: |
4096
|
|
|
5E50000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1074333278.0000000005E50000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5E50000
|
| Size: |
65536
|
|
|
28C5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028C5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28C5000
|
| Size: |
36864
|
|
|
29AE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029AE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29AE000
|
| Size: |
4096
|
|
|
28B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28B4000
|
| Size: |
4096
|
|
|
2B52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B52000
|
| Size: |
4096
|
|
|
C7B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1059531572.0000000000C7B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C7B000
|
| Size: |
4096
|
|
|
274D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000274D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
274D000
|
| Size: |
4096
|
|
|
2E61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E61000
|
| Size: |
4096
|
|
|
2666000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002666000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2666000
|
| Size: |
4096
|
|
|
2807000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002807000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2807000
|
| Size: |
4096
|
|
|
38E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000038E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38E8000
|
| Size: |
8192
|
|
|
369E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.000000000369E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
369E000
|
| Size: |
4096
|
|
|
2C26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C26000
|
| Size: |
4096
|
|
|
2717000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002717000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2717000
|
| Size: |
4096
|
|
|
29CF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029CF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29CF000
|
| Size: |
57344
|
|
|
260E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000260E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
260E000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2A368665000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1180501761.000002A368665000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A368665000
|
| Size: |
36864
|
|
|
37C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000037C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37C4000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2EDD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EDD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EDD000
|
| Size: |
4096
|
|
|
2AB9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB9000
|
| Size: |
4096
|
|
|
492D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.000000000492D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
492D000
|
| Size: |
12288
|
|
|
5AB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1223958597.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5AB0000
|
| Size: |
53248
|
|
|
39C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000039C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39C0000
|
| Size: |
16384
|
|
|
1357000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3505019141.0000000001357000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1357000
|
| Size: |
36864
|
|
|
26EB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026EB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26EB000
|
| Size: |
4096
|
|
|
2BCC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BCC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BCC000
|
| Size: |
12288
|
|
|
62BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3524480508.00000000062BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
62BE000
|
| Size: |
8192
|
|
|
5CAA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3522655919.0000000005CAA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5CAA000
|
| Size: |
4096
|
|
|
3931000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003931000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3931000
|
| Size: |
4096
|
|
|
2A5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A5E000
|
| Size: |
49152
|
|
|
2E4E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E4E000
|
| Size: |
4096
|
|
|
25B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25B2000
|
| Size: |
8192
|
|
|
247E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3511075343.000000000247E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
247E000
|
| Size: |
45056
|
|
|
89D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1195546482.000000000089D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
89D000
|
| Size: |
4096
|
|
|
6FE0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3526022765.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6FE0000
|
| Size: |
65536
|
|
|
269A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000269A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
269A000
|
| Size: |
4096
|
|
|
6066000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3526752012.0000000006066000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6066000
|
| Size: |
4096
|
|
|
27BD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027BD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27BD000
|
| Size: |
45056
|
|
|
2B35000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B35000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B35000
|
| Size: |
4096
|
|
|
2C1A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C1A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C1A000
|
| Size: |
4096
|
|
|
29E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29E8000
|
| Size: |
4096
|
|
|
271F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000271F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
271F000
|
| Size: |
4096
|
|
|
C77000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1059519460.0000000000C77000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C77000
|
| Size: |
4096
|
|
|
28D1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028D1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28D1000
|
| Size: |
4096
|
|
|
3927000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003927000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3927000
|
| Size: |
4096
|
|
|
2F6C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F6C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F6C000
|
| Size: |
4096
|
|
|
298F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000298F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
298F000
|
| Size: |
20480
|
|
|
263B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000263B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
263B000
|
| Size: |
4096
|
|
|
2ED5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002ED5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ED5000
|
| Size: |
4096
|
|
|
2B81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B81000
|
| Size: |
4096
|
|
|
2A82000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A82000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A82000
|
| Size: |
4096
|
|
|
5C40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3522655919.0000000005C40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C40000
|
| Size: |
20480
|
|
|
6100000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3527371131.0000000006100000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6100000
|
| Size: |
40960
|
|
|
271C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000271C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
271C000
|
| Size: |
8192
|
|
|
28C6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.00000000028C6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28C6000
|
| Size: |
8192
|
|
|
29BB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029BB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29BB000
|
| Size: |
4096
|
|
|
2B3D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B3D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B3D000
|
| Size: |
4096
|
|
|
301A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.000000000301A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
301A000
|
| Size: |
4096
|
|
|
2AA6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002AA6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AA6000
|
| Size: |
4096
|
|
|
233E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196186725.000000000233E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
233E000
|
| Size: |
8192
|
|
|
4E20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071170602.0000000004E20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E20000
|
| Size: |
65536
|
|
|
2A4F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A4F000
|
| Size: |
4096
|
|
|
2A368463000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1180172050.000002A368463000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A368463000
|
| Size: |
348160
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071313120.0000000004FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FC0000
|
| Size: |
65536
|
|
|
22F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3508645244.00000000022F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
22F0000
|
| Size: |
65536
|
|
|
3869000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003869000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3869000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
2A77000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A77000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A77000
|
| Size: |
4096
|
|
|
48D7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.00000000048D7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48D7000
|
| Size: |
4096
|
|
|
662000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3506236216.0000000000662000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
662000
|
| Size: |
4096
|
|
|
29B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29B2000
|
| Size: |
24576
|
|
|
29C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29C1000
|
| Size: |
4096
|
|
|
2A70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A70000
|
| Size: |
4096
|
|
|
2616000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002616000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2616000
|
| Size: |
45056
|
|
|
576E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1221660319.000000000576E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
576E000
|
| Size: |
8192
|
|
|
2A01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A01000
|
| Size: |
4096
|
|
|
1574000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3505707121.0000000001574000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1574000
|
| Size: |
8192
|
|
|
2969000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002969000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2969000
|
| Size: |
4096
|
|
|
D03000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059627519.0000000000D03000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D03000
|
| Size: |
8192
|
|
|
17DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3507863417.00000000017DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17DE000
|
| Size: |
8192
|
|
|
5D7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3523927670.0000000005D7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D7D000
|
| Size: |
12288
|
|
|
2CDA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CDA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CDA000
|
| Size: |
20480
|
|
|
25B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25B5000
|
| Size: |
45056
|
|
|
64D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3506032128.000000000064D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
64D000
|
| Size: |
4096
|
|
|
2360000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3510740638.0000000002360000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2360000
|
| Size: |
20480
|
|
|
2DED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DED000
|
| Size: |
4096
|
|
|
60D5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3527142092.00000000060D5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
60D5000
|
| Size: |
45056
|
|
|
31D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3508625974.00000000031D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31D0000
|
| Size: |
65536
|
|
|
2C5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C5E000
|
| Size: |
4096
|
|
|
38FA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000038FA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38FA000
|
| Size: |
8192
|
|
|
4DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3524580695.0000000004DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DE0000
|
| Size: |
233472
|
|
|
EF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060543660.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EF0000
|
| Size: |
24576
|
|
|
25E2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025E2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25E2000
|
| Size: |
4096
|
|
|
31FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3510366185.00000000031FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31FF000
|
| Size: |
4096
|
|
|
2D7B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D7B000
|
| Size: |
4096
|
|
|
3877000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003877000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3877000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
2B24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B24000
|
| Size: |
4096
|
|
|
2A3683D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1180157663.000002A3683D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A3683D0000
|
| Size: |
4096
|
|
|
E8802FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1179774206.000000E8802FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E8802FE000
|
| Size: |
8192
|
|
|
2CFD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CFD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CFD000
|
| Size: |
4096
|
|
|
265E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000265E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
265E000
|
| Size: |
4096
|
|
|
26D4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026D4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26D4000
|
| Size: |
4096
|
|
|
2DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD0000
|
| Size: |
4096
|
|
|
60E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3527234721.00000000060E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
60E0000
|
| Size: |
45056
|
|
|
4FD0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1071351849.0000000004FD0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
2887000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002887000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2887000
|
| Size: |
4096
|
|
|
2662000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002662000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2662000
|
| Size: |
4096
|
|
|
9B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1195708077.00000000009B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9B2000
|
| Size: |
4096
|
|
|
542E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071586700.000000000542E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
542E000
|
| Size: |
8192
|
|
|
27DE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027DE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27DE000
|
| Size: |
28672
|
|
|
28F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28F0000
|
| Size: |
4096
|
|
|
2B77000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B77000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B77000
|
| Size: |
28672
|
|
|
2E4A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E4A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E4A000
|
| Size: |
4096
|
|
|
24A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3511075343.00000000024A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
24A2000
|
| Size: |
49152
|
|
|
271B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000271B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
271B000
|
| Size: |
4096
|
|
|
4688000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.0000000004688000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4688000
|
| Size: |
8192
|
|
|
C72000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059506606.0000000000C72000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C72000
|
| Size: |
4096
|
|
|
500000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3505217674.0000000000500000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
500000
|
| Size: |
4096
|
|
|
2BC1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BC1000
|
| Size: |
4096
|
|
|
2728000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002728000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2728000
|
| Size: |
36864
|
|
|
2770000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002770000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2770000
|
| Size: |
4096
|
|
|
2EF2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EF2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EF2000
|
| Size: |
12288
|
|
|
38D7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000038D7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38D7000
|
| Size: |
16384
|
|
|
2C54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C54000
|
| Size: |
4096
|
|
|
2A6A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A6A000
|
| Size: |
4096
|
|
|
2EFE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EFE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EFE000
|
| Size: |
16384
|
|
|
2491000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3511075343.0000000002491000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2491000
|
| Size: |
16384
|
|
|
5F50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1074774967.0000000005F50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F50000
|
| Size: |
221184
|
|
|
590F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222809144.000000000590F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
590F000
|
| Size: |
4096
|
|
|
2985000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002985000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2985000
|
| Size: |
12288
|
|
|
15A6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3506161346.00000000015A6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
15A6000
|
| Size: |
8192
|
|
|
2D83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D83000
|
| Size: |
4096
|
|
|
2D10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D10000
|
| Size: |
4096
|
|
|
2A85000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A85000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A85000
|
| Size: |
4096
|
|
|
26D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26D8000
|
| Size: |
4096
|
|
|
5862000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222341400.0000000005862000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5862000
|
| Size: |
40960
|
|
|
5C10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1073206406.0000000005C10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C10000
|
| Size: |
65536
|
|
|
790000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059215807.0000000000790000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
790000
|
| Size: |
8192
|
|
|
2B22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B22000
|
| Size: |
4096
|
|
|
5856000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222234763.0000000005856000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5856000
|
| Size: |
28672
|
|
|
60F7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3527289220.00000000060F7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
60F7000
|
| Size: |
36864
|
|
|
2EFC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EFC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EFC000
|
| Size: |
4096
|
|
|
274F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000274F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
274F000
|
| Size: |
4096
|
|
|
2B83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B83000
|
| Size: |
4096
|
|
|
27CB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027CB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27CB000
|
| Size: |
4096
|
|
|
264A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000264A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
264A000
|
| Size: |
45056
|
|
|
633000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3505706639.0000000000633000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
633000
|
| Size: |
4096
|
|
|
4A06000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3522762307.0000000004A06000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A06000
|
| Size: |
40960
|
|
|
2D53000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D53000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D53000
|
| Size: |
53248
|
|
|
2D12000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D12000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D12000
|
| Size: |
4096
|
|
|
26E9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026E9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26E9000
|
| Size: |
4096
|
|
|
2A5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A5A000
|
| Size: |
45056
|
|
|
2BA6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BA6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BA6000
|
| Size: |
4096
|
|
|
29C3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029C3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29C3000
|
| Size: |
4096
|
|
|
4F9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071265158.0000000004F9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F9F000
|
| Size: |
4096
|
|
|
2DCC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DCC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DCC000
|
| Size: |
4096
|
|
|
2E1D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E1D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E1D000
|
| Size: |
4096
|
|
|
4741000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.0000000004741000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4741000
|
| Size: |
12288
|
|
|
2AB3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB3000
|
| Size: |
12288
|
|
|
4F16000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1220856743.0000000004F16000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F16000
|
| Size: |
40960
|
|
|
5B0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1072719121.0000000005B0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5B0E000
|
| Size: |
8192
|
|
|
46BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3522728372.00000000046BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46BE000
|
| Size: |
8192
|
|
|
27FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27FF000
|
| Size: |
4096
|
|
|
26ED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026ED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26ED000
|
| Size: |
4096
|
|
|
3722000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003722000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3722000
|
| Size: |
12288
|
|
|
28DB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028DB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28DB000
|
| Size: |
4096
|
|
|
1570000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3505569099.0000000001570000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1570000
|
| Size: |
12288
|
|
|
2F70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F70000
|
| Size: |
40960
|
|
|
4A70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3523129244.0000000004A70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A70000
|
| Size: |
65536
|
|
|
344C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3510946994.000000000344C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
344C000
|
| Size: |
16384
|
|
|
2C0F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C0F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C0F000
|
| Size: |
40960
|
|
|
15B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506253106.00000000015B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
15B0000
|
| Size: |
4096
|
|
|
2E50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E50000
|
| Size: |
8192
|
|
|
2C99000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C99000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C99000
|
| Size: |
4096
|
|
|
595E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3519852224.000000000595E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
595E000
|
| Size: |
4096
|
|
|
275E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000275E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
275E000
|
| Size: |
36864
|
|
|
5A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3522431587.0000000005A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5A20000
|
| Size: |
61440
|
|
|
2B12000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B12000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B12000
|
| Size: |
28672
|
|
|
370A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.000000000370A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
370A000
|
| Size: |
503808
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
436000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3504781726.0000000000436000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
436000
|
| Size: |
4096
|
|
|
2C43000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C43000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C43000
|
| Size: |
4096
|
|
|
4B02000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3523297204.0000000004B02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B02000
|
| Size: |
249856
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
579E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1072178937.000000000579E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
579E000
|
| Size: |
8192
|
|
|
2B31000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B31000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B31000
|
| Size: |
4096
|
|
|
680000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3506363967.0000000000680000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
680000
|
| Size: |
4096
|
|
|
2F9A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F9A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F9A000
|
| Size: |
4096
|
|
|
5C00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1073139496.0000000005C00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C00000
|
| Size: |
65536
|
|
|
256C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000256C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
256C000
|
| Size: |
4096
|
|
|
5900000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222809144.0000000005900000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5900000
|
| Size: |
16384
|
|
|
2CD3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CD3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CD3000
|
| Size: |
8192
|
|
|
393B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.000000000393B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
393B000
|
| Size: |
12288
|
|
|
27F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27F0000
|
| Size: |
4096
|
|
|
2872000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002872000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2872000
|
| Size: |
4096
|
|
|
450000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3504952007.0000000000450000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450000
|
| Size: |
4096
|
|
|
272E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000272E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
272E000
|
| Size: |
4096
|
|
|
2C03000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C03000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C03000
|
| Size: |
4096
|
|
|
2A51000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A51000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A51000
|
| Size: |
16384
|
|
|
2F30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F30000
|
| Size: |
4096
|
|
|
2470000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3511075343.0000000002470000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2470000
|
| Size: |
20480
|
|
|
4D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1220720288.0000000004D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D8E000
|
| Size: |
8192
|
|
|
46F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.00000000046F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46F5000
|
| Size: |
4096
|
|
|
287E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000287E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
287E000
|
| Size: |
229376
|
|
|
3726000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003726000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3726000
|
| Size: |
12288
|
|
|
3509000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1213174586.0000000003509000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3509000
|
| Size: |
4096
|
|
|
CC8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059627519.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CC8000
|
| Size: |
16384
|
|
|
C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059394726.0000000000C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C50000
|
| Size: |
16384
|
|
|
284D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000284D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
284D000
|
| Size: |
4096
|
|
|
2D06000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D06000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D06000
|
| Size: |
4096
|
|
|
15A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506088140.00000000015A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
15A0000
|
| Size: |
4096
|
|
|
70C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3506450172.000000000070C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70C000
|
| Size: |
4096
|
|
|
F80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060664687.0000000000F80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F80000
|
| Size: |
16384
|
|
|
2B46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B46000
|
| Size: |
12288
|
|
|
2809000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002809000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2809000
|
| Size: |
4096
|
|
|
2D16000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D16000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D16000
|
| Size: |
4096
|
|
|
25BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512027183.00000000025BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
25BE000
|
| Size: |
8192
|
|
|
3550000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1213174586.0000000003550000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3550000
|
| Size: |
962560
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
5500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1221301541.0000000005500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5500000
|
| Size: |
65536
|
|
|
2C01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C01000
|
| Size: |
4096
|
|
|
5870000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222454578.0000000005870000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5870000
|
| Size: |
45056
|
|
|
3113000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3508472733.0000000003113000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3113000
|
| Size: |
8192
|
|
|
2995000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002995000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2995000
|
| Size: |
4096
|
|
|
29CB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029CB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29CB000
|
| Size: |
4096
|
|
|
2DE5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DE5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DE5000
|
| Size: |
4096
|
|
|
2944000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002944000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2944000
|
| Size: |
4096
|
|
|
883000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1195122083.0000000000883000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
883000
|
| Size: |
4096
|
|
|
524A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525049332.000000000524A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
524A000
|
| Size: |
24576
|
|
|
5C50000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1073654544.0000000005C50000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5C50000
|
| Size: |
65536
|
|
|
2E48000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E48000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E48000
|
| Size: |
4096
|
|
|
2A6D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A6D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A6D000
|
| Size: |
4096
|
|
|
2A8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A8F000
|
| Size: |
40960
|
|
|
5F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525790675.0000000005F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5F40000
|
| Size: |
4096
|
|
|
7030000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3526245472.0000000007030000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7030000
|
| Size: |
4096
|
|
|
5244000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525049332.0000000005244000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5244000
|
| Size: |
4096
|
|
|
4AC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3523297204.0000000004AC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AC0000
|
| Size: |
69632
|
|
|
28D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.00000000028D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28D8000
|
| Size: |
106496
|
|
|
365B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.000000000365B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
365B000
|
| Size: |
36864
|
|
|
266A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000266A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
266A000
|
| Size: |
4096
|
|
|
2E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E00000
|
| Size: |
4096
|
|
|
286E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000286E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
286E000
|
| Size: |
4096
|
|
|
304E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.000000000304E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
304E000
|
| Size: |
4096
|
|
|
665000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3506267286.0000000000665000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
665000
|
| Size: |
4096
|
|
|
5F60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3526174494.0000000005F60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5F60000
|
| Size: |
8192
|
|
|
5DD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3524174165.0000000005DD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5DD6000
|
| Size: |
8192
|
|
|
5FC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3526633910.0000000005FC0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5FC0000
|
| Size: |
65536
|
|
|
5740000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1072040995.0000000005740000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5740000
|
| Size: |
65536
|
|
|
162A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506480239.000000000162A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
162A000
|
| Size: |
4096
|
|
|
2A03000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A03000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A03000
|
| Size: |
4096
|
|
|
5C60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1224361458.0000000005C60000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5C60000
|
| Size: |
131072
|
|
|
2C5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C5A000
|
| Size: |
4096
|
|
|
2E1B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E1B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E1B000
|
| Size: |
4096
|
|
|
2829000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002829000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2829000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
52EC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071533341.00000000052EC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
52EC000
|
| Size: |
16384
|
|
|
27CD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027CD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27CD000
|
| Size: |
4096
|
|
|
37A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000037A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37A2000
|
| Size: |
20480
|
|
|
2C24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C24000
|
| Size: |
4096
|
|
|
2D31000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D31000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D31000
|
| Size: |
4096
|
|
|
634000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3505767569.0000000000634000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
634000
|
| Size: |
8192
|
|
|
2838000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002838000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2838000
|
| Size: |
4096
|
|
|
22D3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3508453542.00000000022D3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22D3000
|
| Size: |
8192
|
|
|
2772000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002772000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2772000
|
| Size: |
4096
|
|
|
2CF9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CF9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CF9000
|
| Size: |
4096
|
|
|
475A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.000000000475A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
475A000
|
| Size: |
16384
|
|
|
2576000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002576000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2576000
|
| Size: |
4096
|
|
|
285B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000285B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
285B000
|
| Size: |
24576
|
|
|
26A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.00000000026A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26A6000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
58F9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222716647.00000000058F9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58F9000
|
| Size: |
28672
|
|
|
4AA8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3523297204.0000000004AA8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AA8000
|
| Size: |
12288
|
|
|
2C28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C28000
|
| Size: |
4096
|
|
|
2A8D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A8D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A8D000
|
| Size: |
4096
|
|
|
D5D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059627519.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D5D000
|
| Size: |
12288
|
|
|
6FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3525754929.0000000006FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FC0000
|
| Size: |
45056
|
|
|
2E76000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E76000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E76000
|
| Size: |
12288
|
|
|
2EEE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EEE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EEE000
|
| Size: |
4096
|
|
|
2C93000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C93000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C93000
|
| Size: |
4096
|
|
|
2C61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C61000
|
| Size: |
114688
|
|
|
36E5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000036E5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36E5000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7070000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3526777566.0000000007070000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7070000
|
| Size: |
32768
|
|
|
2B87000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B87000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B87000
|
| Size: |
4096
|
|
|
25CB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025CB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25CB000
|
| Size: |
4096
|
|
|
59B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1223128012.00000000059B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
59B0000
|
| Size: |
65536
|
|
|
358E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511069867.000000000358E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
358E000
|
| Size: |
8192
|
|
|
3A09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003A09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A09000
|
| Size: |
20480
|
|
|
6D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3506450172.00000000006D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D8000
|
| Size: |
159744
|
|
|
2FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FA0000
|
| Size: |
4096
|
|
|
2A368408000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1180172050.000002A368408000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A368408000
|
| Size: |
180224
|
|
|
28D9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028D9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28D9000
|
| Size: |
4096
|
|
|
6FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3525845676.0000000006FD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FD0000
|
| Size: |
65536
|
|
|
2F7F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F7F000
|
| Size: |
4096
|
|
|
2C1C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C1C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C1C000
|
| Size: |
4096
|
|
|
63D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3505832176.000000000063D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
63D000
|
| Size: |
4096
|
|
|
27CF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027CF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27CF000
|
| Size: |
4096
|
|
|
2B54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B54000
|
| Size: |
4096
|
|
|
22E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3508539297.00000000022E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
22E0000
|
| Size: |
65536
|
|
|
364E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.000000000364E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
364E000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2AEE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002AEE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AEE000
|
| Size: |
4096
|
|
|
2B20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B20000
|
| Size: |
4096
|
|
|
59A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1223041951.00000000059A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
59A0000
|
| Size: |
65536
|
|
|
4FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071292720.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB0000
|
| Size: |
4096
|
|
|
3788000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003788000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3788000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
2A8C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A8C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A8C000
|
| Size: |
4096
|
|
|
26F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26F5000
|
| Size: |
4096
|
|
|
630000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3505640902.0000000000630000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
630000
|
| Size: |
12288
|
|
|
28E2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028E2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28E2000
|
| Size: |
12288
|
|
|
73C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3526980237.00000000073C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
73C0000
|
| Size: |
8192
|
|
|
29ED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029ED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29ED000
|
| Size: |
4096
|
|
|
5CC2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3522655919.0000000005CC2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5CC2000
|
| Size: |
192512
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2C0B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C0B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C0B000
|
| Size: |
4096
|
|
|
2A9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A9E000
|
| Size: |
4096
|
|
|
3499000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1213174586.0000000003499000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3499000
|
| Size: |
8192
|
|
|
2A8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A8E000
|
| Size: |
102400
|
|
|
6400000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3527482645.0000000006400000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6400000
|
| Size: |
53248
|
|
|
323F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3510366185.000000000323F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
323F000
|
| Size: |
4096
|
|
|
2D2B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D2B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D2B000
|
| Size: |
4096
|
|
|
2CE8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CE8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CE8000
|
| Size: |
4096
|
|
|
27D3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027D3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27D3000
|
| Size: |
12288
|
|
|
299F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000299F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
299F000
|
| Size: |
40960
|
|
|
C4D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1059379660.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C4D000
|
| Size: |
4096
|
|
|
2A68000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A68000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A68000
|
| Size: |
4096
|
|
|
2F7D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F7D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F7D000
|
| Size: |
4096
|
|
|
3ABF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1070637470.0000000003ABF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3ABF000
|
| Size: |
106496
|
|
|
29CD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029CD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29CD000
|
| Size: |
4096
|
|
|
28C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.00000000028C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28C9000
|
| Size: |
4096
|
|
|
304C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.000000000304C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
304C000
|
| Size: |
4096
|
|
|
2D08000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D08000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D08000
|
| Size: |
4096
|
|
|
2C7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C7E000
|
| Size: |
4096
|
|
|
108F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060684654.000000000108F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
108F000
|
| Size: |
4096
|
|
|
2870000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002870000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2870000
|
| Size: |
4096
|
|
|
2C2F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C2F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C2F000
|
| Size: |
36864
|
|
|
1656000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506480239.0000000001656000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1656000
|
| Size: |
8192
|
|
|
2CFB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CFB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CFB000
|
| Size: |
4096
|
|
|
2EE2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EE2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE2000
|
| Size: |
45056
|
|
|
2955000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002955000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2955000
|
| Size: |
4096
|
|
|
3904000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003904000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3904000
|
| Size: |
8192
|
|
|
265A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000265A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
265A000
|
| Size: |
4096
|
|
|
2A5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A5A000
|
| Size: |
4096
|
|
|
2DBB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DBB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DBB000
|
| Size: |
4096
|
|
|
2A6E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A6E000
|
| Size: |
4096
|
|
|
4745000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.0000000004745000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4745000
|
| Size: |
4096
|
|
|
28C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.00000000028C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28C2000
|
| Size: |
8192
|
|
|
2AC1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AC1000
|
| Size: |
4096
|
|
|
25B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25B0000
|
| Size: |
4096
|
|
|
37C6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000037C6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37C6000
|
| Size: |
4096
|
|
|
E8800FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1179706746.000000E8800FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E8800FE000
|
| Size: |
8192
|
|
|
2C22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C22000
|
| Size: |
4096
|
|
|
2CAC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CAC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CAC000
|
| Size: |
4096
|
|
|
26C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.00000000026C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26C9000
|
| Size: |
299008
|
|
|
2E7A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E7A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E7A000
|
| Size: |
4096
|
|
|
28D7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028D7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28D7000
|
| Size: |
4096
|
|
|
258F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000258F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
258F000
|
| Size: |
4096
|
|
|
2614000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002614000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2614000
|
| Size: |
4096
|
|
|
2ED9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002ED9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ED9000
|
| Size: |
4096
|
|
|
497F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1219625188.000000000497F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
497F000
|
| Size: |
4096
|
|
|
2B3F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B3F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B3F000
|
| Size: |
4096
|
|
|
2A3682D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1179998279.000002A3682D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A3682D0000
|
| Size: |
4096
|
|
|
288D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000288D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
288D000
|
| Size: |
4096
|
|
|
2BA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BA4000
|
| Size: |
4096
|
|
|
E8801F8000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1179750378.000000E8801F8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E8801F8000
|
| Size: |
32768
|
|
|
2F17000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F17000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F17000
|
| Size: |
49152
|
|
|
5230000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3524980520.0000000005230000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5230000
|
| Size: |
40960
|
|
|
540000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1048371595.0000000000540000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
540000
|
| Size: |
4096
|
|
|
774000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1193121760.0000000000774000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
774000
|
| Size: |
45056
|
|
|
2ED1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ED1000
|
| Size: |
12288
|
|
|
25AA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025AA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25AA000
|
| Size: |
20480
|
|
|
5A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1223554530.0000000005A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5A20000
|
| Size: |
4096
|
|
|
25C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25C9000
|
| Size: |
4096
|
|
|
5CF8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3522655919.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5CF8000
|
| Size: |
102400
|
|
|
2BA9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BA9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BA9000
|
| Size: |
4096
|
|
|
2BC3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BC3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BC3000
|
| Size: |
24576
|
|
|
27E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27E6000
|
| Size: |
4096
|
|
|
247B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3511075343.000000000247B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
247B000
|
| Size: |
8192
|
|
|
600000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1193001155.0000000000600000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
600000
|
| Size: |
16384
|
|
|
2889000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002889000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2889000
|
| Size: |
4096
|
|
|
26A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26A0000
|
| Size: |
4096
|
|
|
70F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3506450172.000000000070F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70F000
|
| Size: |
221184
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
36AE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000036AE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36AE000
|
| Size: |
4096
|
|
|
2F66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F66000
|
| Size: |
4096
|
|
|
37A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000037A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37A3000
|
| Size: |
77824
|
|
|
260F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000260F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
260F000
|
| Size: |
4096
|
|
|
263F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000263F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
263F000
|
| Size: |
4096
|
|
|
587C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222454578.000000000587C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
587C000
|
| Size: |
16384
|
|
|
3944000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003944000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3944000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
57BF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222118347.00000000057BF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57BF000
|
| Size: |
4096
|
|
|
566E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1221623152.000000000566E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
566E000
|
| Size: |
8192
|
|
|
2A84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A84000
|
| Size: |
4096
|
|
|
2C9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C9E000
|
| Size: |
12288
|
|
|
6410000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3527544227.0000000006410000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6410000
|
| Size: |
4096
|
|
|
5A30000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3522544142.0000000005A30000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5A30000
|
| Size: |
20480
|
|
|
2F5C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F5C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F5C000
|
| Size: |
4096
|
|
|
D55000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059627519.0000000000D55000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D55000
|
| Size: |
12288
|
|
|
2BB9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BB9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BB9000
|
| Size: |
4096
|
|
|
5B50000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1072854711.0000000005B50000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
5B50000
|
| Size: |
483328
|
|
|
29F9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029F9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29F9000
|
| Size: |
4096
|
|
|
2EDB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EDB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EDB000
|
| Size: |
4096
|
|
|
257A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000257A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
257A000
|
| Size: |
57344
|
|
|
2B1C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B1C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B1C000
|
| Size: |
4096
|
|
|
465D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.000000000465D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
465D000
|
| Size: |
12288
|
|
|
391A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.000000000391A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
391A000
|
| Size: |
4096
|
|
|
294C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000294C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
294C000
|
| Size: |
4096
|
|
|
2593000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002593000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2593000
|
| Size: |
4096
|
|
|
2A8A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A8A000
|
| Size: |
4096
|
|
|
2B96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B96000
|
| Size: |
4096
|
|
|
25A8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025A8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25A8000
|
| Size: |
4096
|
|
|
299D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000299D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
299D000
|
| Size: |
4096
|
|
|
30F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3508389738.00000000030F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30F0000
|
| Size: |
4096
|
|
|
3744000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003744000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3744000
|
| Size: |
4096
|
|
|
28C3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028C3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28C3000
|
| Size: |
4096
|
|
|
EF9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060543660.0000000000EF9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EF9000
|
| Size: |
12288
|
|
|
297C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000297C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
297C000
|
| Size: |
12288
|
|
|
2E8B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E8B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E8B000
|
| Size: |
28672
|
|
|
30D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3508078580.00000000030D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30D0000
|
| Size: |
4096
|
|
|
2BAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BAB000
|
| Size: |
45056
|
|
|
2909000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002909000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2909000
|
| Size: |
4096
|
|
|
38FC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000038FC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38FC000
|
| Size: |
4096
|
|
|
352D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1213174586.000000000352D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
352D000
|
| Size: |
4096
|
|
|
A9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3504477544.00000000000A9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A9000
|
| Size: |
28672
|
|
|
2D9A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D9A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D9A000
|
| Size: |
4096
|
|
|
1560000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3505507923.0000000001560000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1560000
|
| Size: |
8192
|
|
|
2C3F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C3F000
|
| Size: |
4096
|
|
|
2757000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002757000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2757000
|
| Size: |
4096
|
|
|
26F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26F1000
|
| Size: |
4096
|
|
|
2F13000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F13000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F13000
|
| Size: |
4096
|
|
|
5DBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525536441.0000000005DBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5DBE000
|
| Size: |
8192
|
|
|
46B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.00000000046B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46B9000
|
| Size: |
163840
|
|
|
2755000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002755000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2755000
|
| Size: |
4096
|
|
|
2757000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002757000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2757000
|
| Size: |
8192
|
|
|
594B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3519852224.000000000594B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
594B000
|
| Size: |
8192
|
|
|
2BD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BD8000
|
| Size: |
4096
|
|
|
2872000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002872000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2872000
|
| Size: |
4096
|
|
|
62CD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3524530006.00000000062CD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
62CD000
|
| Size: |
12288
|
|
|
2CD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CD6000
|
| Size: |
12288
|
|
|
25A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25A6000
|
| Size: |
4096
|
|
|
125A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3504927574.000000000125A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
125A000
|
| Size: |
24576
|
|
|
A6C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1195987965.0000000000A6C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A6C000
|
| Size: |
16384
|
|
|
2875000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002875000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2875000
|
| Size: |
4096
|
|
|
71C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059176106.000000000071C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
71C000
|
| Size: |
16384
|
|
|
262A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000262A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
262A000
|
| Size: |
4096
|
|
|
5C40000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1073438911.0000000005C40000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5C40000
|
| Size: |
65536
|
|
|
5C29000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1073265892.0000000005C29000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C29000
|
| Size: |
28672
|
|
|
5B40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1072811600.0000000005B40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B40000
|
| Size: |
65536
|
|
|
6B9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3524959202.0000000006B9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B9E000
|
| Size: |
8192
|
|
|
2C1E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C1E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C1E000
|
| Size: |
12288
|
|
|
2E69000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E69000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E69000
|
| Size: |
4096
|
|
|
2E9F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E9F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E9F000
|
| Size: |
4096
|
|
|
66B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3506329010.000000000066B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
66B000
|
| Size: |
4096
|
|
|
37EA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000037EA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37EA000
|
| Size: |
12288
|
|
|
2DAD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DAD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DAD000
|
| Size: |
4096
|
|
|
5780000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1221702928.0000000005780000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5780000
|
| Size: |
28672
|
|
|
259F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000259F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
259F000
|
| Size: |
24576
|
|
|
290A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000290A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
290A000
|
| Size: |
16384
|
|
|
302D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.000000000302D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
302D000
|
| Size: |
4096
|
|
|
4929000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.0000000004929000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4929000
|
| Size: |
12288
|
|
|
3441000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1213174586.0000000003441000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3441000
|
| Size: |
294912
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2D4E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D4E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D4E000
|
| Size: |
4096
|
|
|
241E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196257588.000000000241E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
241E000
|
| Size: |
8192
|
|
|
2A2C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A2C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A2C000
|
| Size: |
4096
|
|
|
2F5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F5E000
|
| Size: |
12288
|
|
|
2857000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002857000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2857000
|
| Size: |
12288
|
|
|
2692000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002692000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2692000
|
| Size: |
20480
|
|
|
4A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3505123122.00000000004A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A0000
|
| Size: |
8192
|
|
|
5FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3526599991.0000000005FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5FB0000
|
| Size: |
4096
|
|
|
C30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059299748.0000000000C30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C30000
|
| Size: |
12288
|
|
|
2D9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D9E000
|
| Size: |
4096
|
|
|
AFB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059249699.0000000000AFB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AFB000
|
| Size: |
20480
|
|
|
4C4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1220560169.0000000004C4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C4F000
|
| Size: |
4096
|
|
|
6FF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3526142119.0000000006FF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FF6000
|
| Size: |
4096
|
|
|
21C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3507768116.00000000021C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21C0000
|
| Size: |
12288
|
|
|
EBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060411853.0000000000EBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EBE000
|
| Size: |
8192
|
|
|
5F50000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3526030850.0000000005F50000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5F50000
|
| Size: |
65536
|
|
|
38A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000038A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38A3000
|
| Size: |
12288
|
|
|
5BBD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525218905.0000000005BBD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5BBD000
|
| Size: |
12288
|
|
|
A80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196089267.0000000000A80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A80000
|
| Size: |
65536
|
|
|
3865000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003865000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3865000
|
| Size: |
16384
|
|
|
2D48000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D48000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D48000
|
| Size: |
4096
|
|
|
5AA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1223863680.0000000005AA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5AA0000
|
| Size: |
65536
|
|
|
5EF0000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1074573465.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
5EF0000
|
| Size: |
323584
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2A1E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A1E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A1E000
|
| Size: |
53248
|
|
|
1220000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060700554.0000000001220000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1220000
|
| Size: |
16384
|
|
|
2B98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B98000
|
| Size: |
12288
|
|
|
589F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1072236112.000000000589F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
589F000
|
| Size: |
4096
|
|
|
2D81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D81000
|
| Size: |
4096
|
|
|
5F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1074722577.0000000005F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5F40000
|
| Size: |
65536
|
|
|
288F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000288F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
288F000
|
| Size: |
4096
|
|
|
2C97000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C97000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C97000
|
| Size: |
4096
|
|
|
4B0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1220310688.0000000004B0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B0F000
|
| Size: |
4096
|
|
|
8CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3507608250.00000000008CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8CE000
|
| Size: |
8192
|
|
|
5A10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1223440433.0000000005A10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5A10000
|
| Size: |
65536
|
|
|
2647000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002647000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2647000
|
| Size: |
4096
|
|
|
5D80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1073949266.0000000005D80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5D80000
|
| Size: |
65536
|
|
|
14F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3505351709.00000000014F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F0000
|
| Size: |
8192
|
|
|
2830000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002830000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2830000
|
| Size: |
4096
|
|
|
2E46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E46000
|
| Size: |
4096
|
|
|
2DC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DC2000
|
| Size: |
12288
|
|
|
2CE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CE6000
|
| Size: |
4096
|
|
|
2B50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B50000
|
| Size: |
4096
|
|
|
27F3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027F3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27F3000
|
| Size: |
45056
|
|
|
2836000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002836000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2836000
|
| Size: |
4096
|
|
|
4A04000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3522762307.0000000004A04000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A04000
|
| Size: |
4096
|
|
|
2B58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B58000
|
| Size: |
4096
|
|
|
2CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CE0000
|
| Size: |
4096
|
|
|
620000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3505561511.0000000000620000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
620000
|
| Size: |
8192
|
|
|
2E17000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E17000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E17000
|
| Size: |
4096
|
|
|
26B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26B9000
|
| Size: |
20480
|
|
|
2A3684C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1180172050.000002A3684C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A3684C9000
|
| Size: |
4096
|
|
|
5E40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1074306755.0000000005E40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E40000
|
| Size: |
8192
|
|
|
28BC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028BC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28BC000
|
| Size: |
4096
|
|
|
4A00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3522762307.0000000004A00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
C40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059360214.0000000000C40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
59D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3522322058.00000000059D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
59D0000
|
| Size: |
65536
|
|
|
2877000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002877000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2877000
|
| Size: |
45056
|
|
|
2B7F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B7F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B7F000
|
| Size: |
4096
|
|
|
2A71000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A71000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A71000
|
| Size: |
4096
|
|
|
5972000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3519852224.0000000005972000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5972000
|
| Size: |
49152
|
|
|
650000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3506083973.0000000000650000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
650000
|
| Size: |
4096
|
|
|
2C09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C09000
|
| Size: |
4096
|
|
|
2A4B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A4B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A4B000
|
| Size: |
4096
|
|
|
62C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3524530006.00000000062C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
62C0000
|
| Size: |
49152
|
|
|
26D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26D0000
|
| Size: |
4096
|
|
|
520000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3505299503.0000000000520000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
520000
|
| Size: |
16384
|
|
|
2868000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002868000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2868000
|
| Size: |
4096
|
|
|
2B5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B5A000
|
| Size: |
4096
|
|
|
301D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.000000000301D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
301D000
|
| Size: |
53248
|
|
|
27B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27B0000
|
| Size: |
4096
|
|
|
2496000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3511075343.0000000002496000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2496000
|
| Size: |
16384
|
|
|
5E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525676859.0000000005E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E3E000
|
| Size: |
8192
|
|
|
265E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000265E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
265E000
|
| Size: |
4096
|
|
|
2CCF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CCF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CCF000
|
| Size: |
4096
|
|
|
27D7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027D7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27D7000
|
| Size: |
4096
|
|
|
60D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3527142092.00000000060D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
60D0000
|
| Size: |
4096
|
|
|
50DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1221057369.00000000050DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50DF000
|
| Size: |
4096
|
|
|
2E5F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E5F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E5F000
|
| Size: |
4096
|
|
|
2CE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CE4000
|
| Size: |
4096
|
|
|
14DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3505196660.00000000014DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14DE000
|
| Size: |
8192
|
|
|
2DB7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DB7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DB7000
|
| Size: |
4096
|
|
|
2C56000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C56000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C56000
|
| Size: |
4096
|
|
|
57A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1221890926.00000000057A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57A0000
|
| Size: |
65536
|
|
|
5C20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1073265892.0000000005C20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C20000
|
| Size: |
32768
|
|
|
E8FFFFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1179982261.000000E8FFFFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E8FFFFE000
|
| Size: |
8192
|
|
|
5F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525732337.0000000005F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F3E000
|
| Size: |
8192
|
|
|
2C58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C58000
|
| Size: |
4096
|
|
|
5F80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3526329496.0000000005F80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5F80000
|
| Size: |
65536
|
|
|
2C07000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C07000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C07000
|
| Size: |
4096
|
|
|
1550000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3505442849.0000000001550000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
1550000
|
| Size: |
4096
|
|
|
6EDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3525211799.0000000006EDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EDE000
|
| Size: |
8192
|
|
|
2999000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002999000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2999000
|
| Size: |
4096
|
|
|
4AA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3523297204.0000000004AA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AA0000
|
| Size: |
8192
|
|
|
2E84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E84000
|
| Size: |
4096
|
|
|
4AB8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3523297204.0000000004AB8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AB8000
|
| Size: |
4096
|
|
|
6CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3506399856.00000000006CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6CE000
|
| Size: |
8192
|
|
|
393F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.000000000393F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
393F000
|
| Size: |
303104
|
|
|
26BF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026BF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26BF000
|
| Size: |
4096
|
|
|
15B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506291225.00000000015B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
15B2000
|
| Size: |
4096
|
|
|
2CCB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CCB000
|
| Size: |
4096
|
|
|
4CFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3524522644.0000000004CFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CFD000
|
| Size: |
12288
|
|
|
2578000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002578000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2578000
|
| Size: |
4096
|
|
|
7032000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3526245472.0000000007032000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7032000
|
| Size: |
8192
|
|
|
422000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3504781726.0000000000422000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
422000
|
| Size: |
8192
|
|
|
36BE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000036BE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36BE000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2F34000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F34000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F34000
|
| Size: |
159744
|
|
|
1573000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3505650209.0000000001573000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1573000
|
| Size: |
4096
|
|
|
27D9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027D9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27D9000
|
| Size: |
16384
|
|
|
3400000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3510902461.0000000003400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3400000
|
| Size: |
16384
|
|
|
594E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3519852224.000000000594E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
594E000
|
| Size: |
45056
|
|
|
2B5C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B5C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B5C000
|
| Size: |
106496
|
|
|
2EFA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EFA000
|
| Size: |
4096
|
|
|
3936000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003936000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3936000
|
| Size: |
4096
|
|
|
5F90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3526457377.0000000005F90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5F90000
|
| Size: |
65536
|
|
|
283E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000283E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
283E000
|
| Size: |
8192
|
|
|
2AB9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB9000
|
| Size: |
4096
|
|
|
2B37000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B37000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B37000
|
| Size: |
12288
|
|
|
2841000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002841000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2841000
|
| Size: |
45056
|
|
|
2A6C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A6C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A6C000
|
| Size: |
4096
|
|
|
5880000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222547112.0000000005880000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5880000
|
| Size: |
65536
|
|
|
2F32000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F32000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F32000
|
| Size: |
4096
|
|
|
EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060450582.0000000000EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EE0000
|
| Size: |
65536
|
|
|
453E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1219545840.000000000453E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
453E000
|
| Size: |
8192
|
|
|
27B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27B2000
|
| Size: |
4096
|
|
|
276A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000276A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
276A000
|
| Size: |
278528
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2736000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002736000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2736000
|
| Size: |
4096
|
|
|
60C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3527082528.00000000060C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
60C4000
|
| Size: |
36864
|
|
|
2855000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002855000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2855000
|
| Size: |
4096
|
|
|
5DD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3524174165.0000000005DD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5DD4000
|
| Size: |
4096
|
|
|
7024000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3526186392.0000000007024000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7024000
|
| Size: |
36864
|
|
|
2946000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002946000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2946000
|
| Size: |
4096
|
|
|
28EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28EE000
|
| Size: |
4096
|
|
|
284F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000284F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
284F000
|
| Size: |
4096
|
|
|
387C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.000000000387C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
387C000
|
| Size: |
118784
|
|
|
29E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29E0000
|
| Size: |
12288
|
|
|
74E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1193121760.000000000074E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
74E000
|
| Size: |
151552
|
|
|
2EF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EF6000
|
| Size: |
4096
|
|
|
2AB7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002AB7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB7000
|
| Size: |
4096
|
|
|
297A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000297A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
297A000
|
| Size: |
4096
|
|
|
6060000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3526752012.0000000006060000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6060000
|
| Size: |
4096
|
|
|
36B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000036B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36B2000
|
| Size: |
4096
|
|
|
2DCE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DCE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DCE000
|
| Size: |
4096
|
|
|
29B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29B0000
|
| Size: |
4096
|
|
|
461C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.000000000461C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
461C000
|
| Size: |
16384
|
|
|
5A0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1072694250.0000000005A0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A0E000
|
| Size: |
8192
|
|
|
2D9C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D9C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D9C000
|
| Size: |
4096
|
|
|
2980000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002980000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2980000
|
| Size: |
4096
|
|
|
5DFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525618755.0000000005DFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5DFE000
|
| Size: |
8192
|
|
|
5FA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3526564544.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5FA0000
|
| Size: |
8192
|
|
|
5BFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525265757.0000000005BFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5BFD000
|
| Size: |
12288
|
|
|
25DC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025DC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25DC000
|
| Size: |
4096
|
|
|
3999000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1070637470.0000000003999000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3999000
|
| Size: |
299008
|
|
|
546F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071608487.000000000546F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
546F000
|
| Size: |
4096
|
|
|
2ABD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002ABD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ABD000
|
| Size: |
4096
|
|
|
26DC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026DC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26DC000
|
| Size: |
40960
|
|
|
273C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000273C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
273C000
|
| Size: |
4096
|
|
|
2A14000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A14000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A14000
|
| Size: |
4096
|
|
|
15AA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3506212698.00000000015AA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
15AA000
|
| Size: |
8192
|
|
|
2D50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D50000
|
| Size: |
4096
|
|
|
2B07000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B07000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B07000
|
| Size: |
4096
|
|
|
E8804FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1179809508.000000E8804FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E8804FF000
|
| Size: |
4096
|
|
|
2A8B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A8B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A8B000
|
| Size: |
4096
|
|
|
6DDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3525166709.0000000006DDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6DDE000
|
| Size: |
8192
|
|
|
275F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000275F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
275F000
|
| Size: |
4096
|
|
|
2676000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002676000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2676000
|
| Size: |
4096
|
|
|
7090000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3526830735.0000000007090000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7090000
|
| Size: |
53248
|
|
|
288B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000288B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
288B000
|
| Size: |
4096
|
|
|
4A90000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3523236446.0000000004A90000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4A90000
|
| Size: |
20480
|
|
|
2B05000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B05000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B05000
|
| Size: |
4096
|
|
|
25C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25C1000
|
| Size: |
4096
|
|
|
2660000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002660000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2660000
|
| Size: |
4096
|
|
|
2348000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196212428.0000000002348000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2348000
|
| Size: |
8192
|
|
|
2D87000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D87000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D87000
|
| Size: |
16384
|
|
|
2626000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002626000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2626000
|
| Size: |
12288
|
|
|
2F0D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F0D000
|
| Size: |
4096
|
|
|
2768000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002768000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2768000
|
| Size: |
4096
|
|
|
2E4C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E4C000
|
| Size: |
4096
|
|
|
28F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28F2000
|
| Size: |
4096
|
|
|
2CC3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CC3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CC3000
|
| Size: |
12288
|
|
|
29EF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029EF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29EF000
|
| Size: |
12288
|
|
|
5E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1192947537.00000000005E0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5E0000
|
| Size: |
4096
|
|
|
2C9B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C9B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C9B000
|
| Size: |
4096
|
|
|
656000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3506158515.0000000000656000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
656000
|
| Size: |
8192
|
|
|
57B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1192918347.000000000057B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57B000
|
| Size: |
20480
|
|
|
2891000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002891000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2891000
|
| Size: |
139264
|
|
|
2A3684C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1180172050.000002A3684C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A3684C7000
|
| Size: |
4096
|
|
|
28D5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028D5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28D5000
|
| Size: |
4096
|
|
|
2BA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BA2000
|
| Size: |
4096
|
|
|
29F7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029F7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29F7000
|
| Size: |
4096
|
|
|
2F2A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F2A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F2A000
|
| Size: |
4096
|
|
|
2901000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002901000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2901000
|
| Size: |
8192
|
|
|
4E40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071204395.0000000004E40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E40000
|
| Size: |
65536
|
|
|
7040000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3526400884.0000000007040000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7040000
|
| Size: |
45056
|
|
|
369A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.000000000369A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
369A000
|
| Size: |
4096
|
|
|
2ABF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002ABF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ABF000
|
| Size: |
4096
|
|
|
2904000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002904000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2904000
|
| Size: |
4096
|
|
|
2450000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3510922298.0000000002450000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2450000
|
| Size: |
65536
|
|
|
29BD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029BD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29BD000
|
| Size: |
12288
|
|
|
363F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1213174586.000000000363F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
363F000
|
| Size: |
356352
|
|
|
2DFE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DFE000
|
| Size: |
4096
|
|
|
29FD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029FD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29FD000
|
| Size: |
4096
|
|
|
2F62000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F62000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F62000
|
| Size: |
4096
|
|
|
282F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000282F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
282F000
|
| Size: |
4096
|
|
|
2643000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002643000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2643000
|
| Size: |
4096
|
|
|
2645000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002645000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2645000
|
| Size: |
4096
|
|
|
273A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000273A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
273A000
|
| Size: |
4096
|
|
|
2C80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C80000
|
| Size: |
4096
|
|
|
6F10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3525530702.0000000006F10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F10000
|
| Size: |
65536
|
|
|
2753000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002753000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2753000
|
| Size: |
4096
|
|
|
26F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26F8000
|
| Size: |
122880
|
|
|
58E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1222626962.00000000058E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
58E0000
|
| Size: |
65536
|
|
|
5E60000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1074382230.0000000005E60000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
5E60000
|
| Size: |
286720
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2E65000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E65000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E65000
|
| Size: |
12288
|
|
|
2DB1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DB1000
|
| Size: |
4096
|
|
|
244E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3510865512.000000000244E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
244E000
|
| Size: |
8192
|
|
|
C3D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1059344077.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C3D000
|
| Size: |
4096
|
|
|
27EA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027EA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27EA000
|
| Size: |
4096
|
|
|
2D4C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D4C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D4C000
|
| Size: |
4096
|
|
|
27EC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027EC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27EC000
|
| Size: |
4096
|
|
|
E8805FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1179890388.000000E8805FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E8805FB000
|
| Size: |
20480
|
|
|
280D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000280D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
280D000
|
| Size: |
139264
|
|
|
2B8B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B8B000
|
| Size: |
4096
|
|
|
267E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000267E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
267E000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2B41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B41000
|
| Size: |
16384
|
|
|
462F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.000000000462F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
462F000
|
| Size: |
4096
|
|
|
2732000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002732000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2732000
|
| Size: |
4096
|
|
|
2A6F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A6F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A6F000
|
| Size: |
4096
|
|
|
15B5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3506328311.00000000015B5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
15B5000
|
| Size: |
4096
|
|
|
31E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3508692568.00000000031E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31E0000
|
| Size: |
20480
|
|
|
9C7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1195850100.00000000009C7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
9C7000
|
| Size: |
4096
|
|
|
4AE8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3523297204.0000000004AE8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE8000
|
| Size: |
4096
|
|
|
2CAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CAE000
|
| Size: |
4096
|
|
|
2BDC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BDC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BDC000
|
| Size: |
4096
|
|
|
2BD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BD6000
|
| Size: |
4096
|
|
|
2982000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002982000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2982000
|
| Size: |
4096
|
|
|
2A72000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A72000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A72000
|
| Size: |
4096
|
|
|
9C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1195815249.00000000009C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9C2000
|
| Size: |
4096
|
|
|
2C05000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C05000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C05000
|
| Size: |
4096
|
|
|
28E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28E6000
|
| Size: |
12288
|
|
|
1A6000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3504678159.00000000001A6000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1A6000
|
| Size: |
40960
|
|
|
29C7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029C7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29C7000
|
| Size: |
4096
|
|
|
2DD2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DD2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD2000
|
| Size: |
4096
|
|
|
2A79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A79000
|
| Size: |
4096
|
|
|
6D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3506450172.00000000006D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D0000
|
| Size: |
28672
|
|
|
2B85000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B85000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B85000
|
| Size: |
4096
|
|
|
5C30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1073327700.0000000005C30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C30000
|
| Size: |
57344
|
|
|
47CB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.00000000047CB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47CB000
|
| Size: |
4096
|
|
|
29AA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029AA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29AA000
|
| Size: |
4096
|
|
|
36F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000036F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36F8000
|
| Size: |
4096
|
|
|
2DBD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DBD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DBD000
|
| Size: |
8192
|
|
|
26F3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026F3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26F3000
|
| Size: |
4096
|
|
|
290D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000290D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
290D000
|
| Size: |
4096
|
|
|
3900000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003900000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3900000
|
| Size: |
4096
|
|
|
3016000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000003016000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3016000
|
| Size: |
4096
|
|
|
5DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1074032363.0000000005DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5DA0000
|
| Size: |
65536
|
|
|
62E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3524838170.00000000062E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
62E0000
|
| Size: |
65536
|
|
|
2635000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002635000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2635000
|
| Size: |
12288
|
|
|
290B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000290B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
290B000
|
| Size: |
4096
|
|
|
1590000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3505903771.0000000001590000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1590000
|
| Size: |
8192
|
|
|
3014000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000003014000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3014000
|
| Size: |
4096
|
|
|
2721000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002721000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2721000
|
| Size: |
4096
|
|
|
37D4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000037D4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37D4000
|
| Size: |
4096
|
|
|
159D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3506031211.000000000159D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
159D000
|
| Size: |
4096
|
|
|
2DEB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DEB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DEB000
|
| Size: |
4096
|
|
|
58A0000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1072284919.00000000058A0000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
58A0000
|
| Size: |
1179648
|
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1192973566.00000000005F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
8192
|
|
|
25DE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025DE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25DE000
|
| Size: |
4096
|
|
|
27EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27EE000
|
| Size: |
4096
|
|
|
2F7B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F7B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F7B000
|
| Size: |
4096
|
|
|
2572000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002572000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2572000
|
| Size: |
4096
|
|
|
36A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000036A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36A2000
|
| Size: |
4096
|
|
|
C33000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1059315613.0000000000C33000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C33000
|
| Size: |
4096
|
|
|
29AC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029AC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29AC000
|
| Size: |
4096
|
|
|
C20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059285186.0000000000C20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
8192
|
|
|
25C3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025C3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25C3000
|
| Size: |
4096
|
|
|
2D65000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D65000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D65000
|
| Size: |
16384
|
|
|
26A4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026A4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26A4000
|
| Size: |
57344
|
|
|
2723000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002723000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2723000
|
| Size: |
4096
|
|
|
2CB8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CB8000
|
| Size: |
32768
|
|
|
2E25000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E25000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E25000
|
| Size: |
114688
|
|
|
9B6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1195741207.00000000009B6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
9B6000
|
| Size: |
8192
|
|
|
2E44000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E44000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E44000
|
| Size: |
4096
|
|
|
2963000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002963000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2963000
|
| Size: |
4096
|
|
|
2AF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AF1000
|
| Size: |
53248
|
|
|
290F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000290F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
290F000
|
| Size: |
4096
|
|
|
276A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000276A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
276A000
|
| Size: |
4096
|
|
|
2D46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D46000
|
| Size: |
4096
|
|
|
2E53000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E53000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E53000
|
| Size: |
4096
|
|
|
2F6A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F6A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F6A000
|
| Size: |
4096
|
|
|
2DD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD8000
|
| Size: |
40960
|
|
|
495E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.000000000495E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
495E000
|
| Size: |
16384
|
|
|
47FD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.00000000047FD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47FD000
|
| Size: |
4096
|
|
|
2805000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002805000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2805000
|
| Size: |
4096
|
|
|
542000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1048389393.0000000000542000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
542000
|
| Size: |
1314816
|
|
|
38A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000038A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38A2000
|
| Size: |
12288
|
|
|
2F0B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F0B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F0B000
|
| Size: |
4096
|
|
|
164A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506480239.000000000164A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
164A000
|
| Size: |
16384
|
|
|
3855000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003855000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3855000
|
| Size: |
4096
|
|
|
2BD2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BD2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BD2000
|
| Size: |
4096
|
|
|
4A10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3522943504.0000000004A10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A10000
|
| Size: |
65536
|
|
|
33F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3510830947.00000000033F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33F0000
|
| Size: |
65536
|
|
|
14E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3505276922.00000000014E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E0000
|
| Size: |
16384
|
|
|
2F85000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F85000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F85000
|
| Size: |
4096
|
|
|
2D4A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D4A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D4A000
|
| Size: |
4096
|
|
|
283A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000283A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
283A000
|
| Size: |
4096
|
|
|
2E0A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E0A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E0A000
|
| Size: |
24576
|
|
|
2874000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002874000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2874000
|
| Size: |
4096
|
|
|
36AA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000036AA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36AA000
|
| Size: |
4096
|
|
|
CF6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059627519.0000000000CF6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CF6000
|
| Size: |
49152
|
|
|
525E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071511346.000000000525E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
525E000
|
| Size: |
8192
|
|
|
4871000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.0000000004871000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4871000
|
| Size: |
12288
|
|
|
25EA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025EA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25EA000
|
| Size: |
106496
|
|
|
260D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000260D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
260D000
|
| Size: |
4096
|
|
|
260B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000260B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
260B000
|
| Size: |
4096
|
|
|
3936000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003936000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3936000
|
| Size: |
8192
|
|
|
467D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.000000000467D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
467D000
|
| Size: |
8192
|
|
|
5C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525412450.0000000005C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C7E000
|
| Size: |
8192
|
|
|
2C3B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C3B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C3B000
|
| Size: |
4096
|
|
|
4601000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.0000000004601000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
20480
|
|
|
515E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071473717.000000000515E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
515E000
|
| Size: |
8192
|
|
|
7390000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3526952457.0000000007390000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7390000
|
| Size: |
4096
|
|
|
261B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000261B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
261B000
|
| Size: |
36864
|
|
|
393F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.000000000393F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
393F000
|
| Size: |
4096
|
|
|
6050000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1074893968.0000000006050000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6050000
|
| Size: |
8192
|
|
|
38F3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000038F3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38F3000
|
| Size: |
8192
|
|
|
2ABD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002ABD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ABD000
|
| Size: |
12288
|
|
|
354D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511022885.000000000354D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
354D000
|
| Size: |
12288
|
|
|
2DD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD4000
|
| Size: |
4096
|
|
|
627E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3524413834.000000000627E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
627E000
|
| Size: |
8192
|
|
|
5A40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3522590228.0000000005A40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A40000
|
| Size: |
4096
|
|
|
2672000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002672000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2672000
|
| Size: |
4096
|
|
|
2AAD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002AAD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AAD000
|
| Size: |
4096
|
|
|
2630000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002630000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2630000
|
| Size: |
8192
|
|
|
2C0D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C0D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C0D000
|
| Size: |
4096
|
|
|
65A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3506197181.000000000065A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
65A000
|
| Size: |
8192
|
|
|
36F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1213174586.00000000036F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36F1000
|
| Size: |
135168
|
|
|
1580000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3505832632.0000000001580000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
16384
|
|
|
2E80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E80000
|
| Size: |
4096
|
|
|
2D01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D01000
|
| Size: |
16384
|
|
|
6100000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1074917563.0000000006100000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6100000
|
| Size: |
131072
|
|
|
60BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3524356147.00000000060BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60BE000
|
| Size: |
8192
|
|
|
269E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000269E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
269E000
|
| Size: |
4096
|
|
|
2D1A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D1A000
|
| Size: |
4096
|
|
|
2EF8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EF8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EF8000
|
| Size: |
4096
|
|
|
3902000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003902000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3902000
|
| Size: |
4096
|
|
|
30E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3508122730.00000000030E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30E0000
|
| Size: |
65536
|
|
|
2F26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F26000
|
| Size: |
4096
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3504497907.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
147456
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
38F7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000038F7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38F7000
|
| Size: |
16384
|
|
|
2FA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002FA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FA2000
|
| Size: |
4096
|
|
|
2BD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BD4000
|
| Size: |
4096
|
|
|
2AA8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002AA8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AA8000
|
| Size: |
4096
|
|
|
5BE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1073039841.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5BE0000
|
| Size: |
53248
|
|
|
2A87000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A87000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A87000
|
| Size: |
4096
|
|
|
2934000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002934000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2934000
|
| Size: |
4096
|
|
|
47C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1192880733.000000000047C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47C000
|
| Size: |
16384
|
|
|
4980000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1219736807.0000000004980000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4980000
|
| Size: |
65536
|
|
|
286C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000286C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
286C000
|
| Size: |
4096
|
|
|
2DE9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DE9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DE9000
|
| Size: |
4096
|
|
|
28EA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028EA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28EA000
|
| Size: |
4096
|
|
|
29C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29C9000
|
| Size: |
4096
|
|
|
2B4A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B4A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B4A000
|
| Size: |
20480
|
|
|
296B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000296B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
296B000
|
| Size: |
40960
|
|
|
276C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000276C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
276C000
|
| Size: |
4096
|
|
|
34E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1213174586.00000000034E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34E6000
|
| Size: |
4096
|
|
|
293E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060723883.000000000293E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
293E000
|
| Size: |
8192
|
|
|
2BDA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BDA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BDA000
|
| Size: |
4096
|
|
|
4E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071241504.0000000004E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E9E000
|
| Size: |
8192
|
|
|
2967000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002967000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2967000
|
| Size: |
4096
|
|
|
38A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000038A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38A6000
|
| Size: |
12288
|
|
|
5EE5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1074526804.0000000005EE5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5EE5000
|
| Size: |
36864
|
|
|
468D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.000000000468D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
468D000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
|
2595000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002595000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2595000
|
| Size: |
36864
|
|
|
2862000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002862000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2862000
|
| Size: |
20480
|
|
|
26CE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026CE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26CE000
|
| Size: |
4096
|
|
|
2DE3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DE3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DE3000
|
| Size: |
4096
|
|
|
2961000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002961000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2961000
|
| Size: |
4096
|
|
|
36BA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000036BA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36BA000
|
| Size: |
4096
|
|
|
2DC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DC6000
|
| Size: |
20480
|
|
|
5DDA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3524174165.0000000005DDA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5DDA000
|
| Size: |
24576
|
|
|
2F15000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F15000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F15000
|
| Size: |
4096
|
|
|
6D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3525056111.0000000006D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D1E000
|
| Size: |
8192
|
|
|
2D1D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D1D000
|
| Size: |
53248
|
|
|
740000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1193121760.0000000000740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
740000
|
| Size: |
24576
|
|
|
2E02000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E02000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E02000
|
| Size: |
4096
|
|
|
2A32000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A32000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A32000
|
| Size: |
12288
|
|
|
15D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506434201.00000000015D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
15D0000
|
| Size: |
4096
|
|
|
5AC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1224139080.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AC0000
|
| Size: |
221184
|
|
|
3670000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003670000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3670000
|
| Size: |
8192
|
|
|
28FB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.00000000028FB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28FB000
|
| Size: |
16384
|
|
|
35C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000035C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35C1000
|
| Size: |
20480
|
|
|
2F64000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F64000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F64000
|
| Size: |
4096
|
|
|
2D8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8E000
|
| Size: |
36864
|
|
|
28BE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028BE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28BE000
|
| Size: |
4096
|
|
|
2A2E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A2E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A2E000
|
| Size: |
4096
|
|
|
2DB9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DB9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DB9000
|
| Size: |
4096
|
|
|
2611000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002611000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2611000
|
| Size: |
4096
|
|
|
27E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27E8000
|
| Size: |
4096
|
|
|
29E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29E4000
|
| Size: |
4096
|
|
|
2B01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B01000
|
| Size: |
4096
|
|
|
2774000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002774000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2774000
|
| Size: |
225280
|
|
|
2883000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002883000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2883000
|
| Size: |
4096
|
|
|
CB0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1059589503.0000000000CB0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
CB0000
|
| Size: |
4096
|
|
|
2F83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F83000
|
| Size: |
4096
|
|
|
643000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3505959693.0000000000643000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
643000
|
| Size: |
28672
|
|
|
2D2D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D2D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D2D000
|
| Size: |
12288
|
|
|
2AC1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AC1000
|
| Size: |
4096
|
|
|
1620000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506480239.0000000001620000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1620000
|
| Size: |
12288
|
|
|
2638000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002638000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2638000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3932000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003932000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3932000
|
| Size: |
4096
|
|
|
2E11000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E11000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E11000
|
| Size: |
4096
|
|
|
16A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506480239.00000000016A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16A8000
|
| Size: |
225280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2A74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A74000
|
| Size: |
8192
|
|
|
700000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3506450172.0000000000700000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
700000
|
| Size: |
20480
|
|
|
600000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3505453471.0000000000600000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
600000
|
| Size: |
4096
|
|
|
5246000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525049332.0000000005246000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5246000
|
| Size: |
8192
|
|
|
1593000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3505984829.0000000001593000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1593000
|
| Size: |
8192
|
|
|
2B33000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B33000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B33000
|
| Size: |
4096
|
|
|
26D6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026D6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26D6000
|
| Size: |
4096
|
|
|
28F7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028F7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28F7000
|
| Size: |
12288
|
|
|
165A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506480239.000000000165A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
165A000
|
| Size: |
315392
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
286A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000286A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
286A000
|
| Size: |
4096
|
|
|
2D6D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D6D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D6D000
|
| Size: |
53248
|
|
|
2E82000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E82000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E82000
|
| Size: |
4096
|
|
|
2574000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002574000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2574000
|
| Size: |
4096
|
|
|
294E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000294E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
294E000
|
| Size: |
4096
|
|
|
7DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059232781.00000000007DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7DD000
|
| Size: |
12288
|
|
|
47E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.00000000047E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47E1000
|
| Size: |
12288
|
|
|
5CA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3522655919.0000000005CA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5CA6000
|
| Size: |
4096
|
|
|
8A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1195575163.00000000008A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8A0000
|
| Size: |
16384
|
|
|
2664000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002664000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2664000
|
| Size: |
16384
|
|
|
2605000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002605000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2605000
|
| Size: |
4096
|
|
|
2989000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002989000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2989000
|
| Size: |
4096
|
|
|
4A00000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1220181497.0000000004A00000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
2A81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A81000
|
| Size: |
12288
|
|
|
3909000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003909000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3909000
|
| Size: |
102400
|
|
|
2B8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B8E000
|
| Size: |
20480
|
|
|
2430000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196305328.0000000002430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2430000
|
| Size: |
24576
|
|
|
2C91000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C91000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C91000
|
| Size: |
4096
|
|
|
276E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000276E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
276E000
|
| Size: |
4096
|
|
|
2E93000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E93000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E93000
|
| Size: |
4096
|
|
|
2CA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CA2000
|
| Size: |
36864
|
|
|
25E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25E6000
|
| Size: |
4096
|
|
|
2F24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F24000
|
| Size: |
4096
|
|
|
5A80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1223635049.0000000005A80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5A80000
|
| Size: |
65536
|
|
|
2942000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002942000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2942000
|
| Size: |
4096
|
|
|
5F46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525790675.0000000005F46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5F46000
|
| Size: |
4096
|
|
|
2D6A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D6A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D6A000
|
| Size: |
4096
|
|
|
29DE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029DE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29DE000
|
| Size: |
4096
|
|
|
2D3A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D3A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D3A000
|
| Size: |
4096
|
|
|
2EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EB0000
|
| Size: |
131072
|
|
|
511E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3524935630.000000000511E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
511E000
|
| Size: |
8192
|
|
|
53C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1221176025.00000000053C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
53C0000
|
| Size: |
4096
|
|
|
35E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511142572.00000000035E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35E0000
|
| Size: |
65536
|
|
|
36A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000036A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36A6000
|
| Size: |
4096
|
|
|
1614000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506480239.0000000001614000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1614000
|
| Size: |
45056
|
|
|
3655000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003655000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3655000
|
| Size: |
20480
|
|
|
C62000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059461993.0000000000C62000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C62000
|
| Size: |
4096
|
|
|
4B4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1220442842.0000000004B4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B4E000
|
| Size: |
8192
|
|
|
29E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29E6000
|
| Size: |
4096
|
|
|
2B9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B9E000
|
| Size: |
4096
|
|
|
2905000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002905000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2905000
|
| Size: |
4096
|
|
|
2AFF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002AFF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AFF000
|
| Size: |
4096
|
|
|
C34000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059330227.0000000000C34000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C34000
|
| Size: |
4096
|
|
|
5F4D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525790675.0000000005F4D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5F4D000
|
| Size: |
12288
|
|
|
3904000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003904000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3904000
|
| Size: |
12288
|
|
|
2CB6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CB6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CB6000
|
| Size: |
4096
|
|
|
2AAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002AAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AAB000
|
| Size: |
53248
|
|
|
3128000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3508552668.0000000003128000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3128000
|
| Size: |
4096
|
|
|
6D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3525128236.0000000006D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D9E000
|
| Size: |
8192
|
|
|
E8FFCFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1179938736.000000E8FFCFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E8FFCFE000
|
| Size: |
8192
|
|
|
6F00000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3525487317.0000000006F00000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6F00000
|
| Size: |
8192
|
|
|
5C60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1073705397.0000000005C60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C60000
|
| Size: |
339968
|
|
|
2720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2720000
|
| Size: |
45056
|
|
|
A70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1196034079.0000000000A70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A70000
|
| Size: |
65536
|
|
|
2CEC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CEC000
|
| Size: |
49152
|
|
|
2DD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD6000
|
| Size: |
4096
|
|
|
49E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3505017994.000000000049E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49E000
|
| Size: |
8192
|
|
|
F7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060644829.0000000000F7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F7C000
|
| Size: |
16384
|
|
|
248A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3511075343.000000000248A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
248A000
|
| Size: |
4096
|
|
|
389C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.000000000389C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
389C000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
2B9C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B9C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B9C000
|
| Size: |
4096
|
|
|
35F0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3511297115.00000000035F0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
35F0000
|
| Size: |
4096
|
|
|
3776000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003776000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3776000
|
| Size: |
4096
|
|
|
15B7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3506362183.00000000015B7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
15B7000
|
| Size: |
4096
|
|
|
2C45000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C45000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C45000
|
| Size: |
40960
|
|
|
6080000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3526975972.0000000006080000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6080000
|
| Size: |
65536
|
|
|
4F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1220985865.0000000004F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F9E000
|
| Size: |
8192
|
|
|
2C82000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C82000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C82000
|
| Size: |
57344
|
|
|
CA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1059548458.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CA0000
|
| Size: |
65536
|
|
|
58F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222716647.00000000058F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58F0000
|
| Size: |
32768
|
|
|
2420000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1196283957.0000000002420000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2420000
|
| Size: |
4096
|
|
|
5C3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3522627967.0000000005C3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C3E000
|
| Size: |
8192
|
|
|
28B8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028B8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28B8000
|
| Size: |
4096
|
|
|
28CF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028CF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28CF000
|
| Size: |
4096
|
|
|
2F68000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F68000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F68000
|
| Size: |
4096
|
|
|
29FB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029FB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29FB000
|
| Size: |
4096
|
|
|
57B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222118347.00000000057B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57B0000
|
| Size: |
16384
|
|
|
2A3683B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1180142566.000002A3683B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A3683B0000
|
| Size: |
8192
|
|
|
2734000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002734000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2734000
|
| Size: |
12288
|
|
|
2658000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002658000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2658000
|
| Size: |
4096
|
|
|
2D63000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D63000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D63000
|
| Size: |
4096
|
|
|
4ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071149680.0000000004ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4ADE000
|
| Size: |
8192
|
|
|
2D40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D40000
|
| Size: |
20480
|
|
|
2911000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002911000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2911000
|
| Size: |
135168
|
|
|
2E1F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E1F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E1F000
|
| Size: |
4096
|
|
|
27B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27B4000
|
| Size: |
4096
|
|
|
2851000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002851000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2851000
|
| Size: |
4096
|
|
|
CE9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059627519.0000000000CE9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CE9000
|
| Size: |
49152
|
|
|
2D35000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D35000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D35000
|
| Size: |
4096
|
|
|
2832000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002832000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2832000
|
| Size: |
4096
|
|
|
2EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EF0000
|
| Size: |
4096
|
|
|
2639000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002639000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2639000
|
| Size: |
4096
|
|
|
6D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3525092777.0000000006D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D5E000
|
| Size: |
8192
|
|
|
2740000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002740000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2740000
|
| Size: |
32768
|
|
|
2D85000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D85000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D85000
|
| Size: |
4096
|
|
|
2F11000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F11000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F11000
|
| Size: |
4096
|
|
|
275D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000275D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
275D000
|
| Size: |
4096
|
|
|
2641000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002641000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2641000
|
| Size: |
4096
|
|
|
2DF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DF0000
|
| Size: |
53248
|
|
|
28BA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028BA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28BA000
|
| Size: |
4096
|
|
|
5D7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525494706.0000000005D7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D7E000
|
| Size: |
8192
|
|
|
E8FF93A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1179910954.000000E8FF93A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E8FF93A000
|
| Size: |
24576
|
|
|
3740000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003740000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3740000
|
| Size: |
12288
|
|
|
2589000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002589000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2589000
|
| Size: |
4096
|
|
|
5940000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3519852224.0000000005940000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5940000
|
| Size: |
20480
|
|
|
2A58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A58000
|
| Size: |
4096
|
|
|
2607000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002607000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2607000
|
| Size: |
4096
|
|
|
5C3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525364041.0000000005C3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C3E000
|
| Size: |
8192
|
|
|
2B10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B10000
|
| Size: |
4096
|
|
|
2726000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002726000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2726000
|
| Size: |
4096
|
|
|
34BE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1213174586.00000000034BE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34BE000
|
| Size: |
147456
|
|
|
28D3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028D3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28D3000
|
| Size: |
4096
|
|
|
2765000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002765000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2765000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2CEA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CEA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CEA000
|
| Size: |
4096
|
|
|
2D37000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D37000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D37000
|
| Size: |
4096
|
|
|
54F6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1221218354.00000000054F6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
54F6000
|
| Size: |
40960
|
|
|
28EC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028EC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28EC000
|
| Size: |
4096
|
|
|
22D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3508453542.00000000022D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22D0000
|
| Size: |
4096
|
|
|
4659000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.0000000004659000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4659000
|
| Size: |
12288
|
|
|
2E19000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E19000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E19000
|
| Size: |
4096
|
|
|
2628000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002628000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2628000
|
| Size: |
4096
|
|
|
2E63000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E63000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E63000
|
| Size: |
4096
|
|
|
88D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1195383958.000000000088D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
88D000
|
| Size: |
4096
|
|
|
2BBD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BBD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BBD000
|
| Size: |
12288
|
|
|
5F48000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525790675.0000000005F48000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5F48000
|
| Size: |
16384
|
|
|
33EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3510776829.00000000033EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33EE000
|
| Size: |
8192
|
|
|
39AB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000039AB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39AB000
|
| Size: |
4096
|
|
|
280B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000280B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
280B000
|
| Size: |
4096
|
|
|
640000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3505902387.0000000000640000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
640000
|
| Size: |
8192
|
|
|
9AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1195620646.00000000009AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9AF000
|
| Size: |
4096
|
|
|
748000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1193121760.0000000000748000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
748000
|
| Size: |
16384
|
|
|
5B30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1072771984.0000000005B30000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5B30000
|
| Size: |
65536
|
|
|
26EF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026EF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26EF000
|
| Size: |
4096
|
|
|
2AAF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002AAF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AAF000
|
| Size: |
12288
|
|
|
5620000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071675746.0000000005620000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
5620000
|
| Size: |
1163264
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
4F5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1220948502.0000000004F5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F5E000
|
| Size: |
8192
|
|
|
2997000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002997000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2997000
|
| Size: |
4096
|
|
|
27C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27C9000
|
| Size: |
4096
|
|
|
5C4C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3522655919.0000000005C4C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C4C000
|
| Size: |
12288
|
|
|
89B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1195427495.000000000089B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
89B000
|
| Size: |
8192
|
|
|
3A3B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003A3B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A3B000
|
| Size: |
4096
|
|
|
3031000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000003031000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3031000
|
| Size: |
4096
|
|
|
C55000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059394726.0000000000C55000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C55000
|
| Size: |
12288
|
|
|
29EB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029EB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29EB000
|
| Size: |
4096
|
|
|
28CB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.00000000028CB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28CB000
|
| Size: |
4096
|
|
|
27B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.00000000027B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27B1000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
2D14000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D14000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D14000
|
| Size: |
4096
|
|
|
71E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1193093952.000000000071E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
71E000
|
| Size: |
8192
|
|
|
2A368400000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1180172050.000002A368400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A368400000
|
| Size: |
28672
|
|
|
2C50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C50000
|
| Size: |
4096
|
|
|
2D61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D61000
|
| Size: |
4096
|
|
|
780000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1193121760.0000000000780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
780000
|
| Size: |
348160
|
|
|
2662000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002662000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2662000
|
| Size: |
4096
|
|
|
5C64000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3522655919.0000000005C64000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C64000
|
| Size: |
258048
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3674000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003674000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3674000
|
| Size: |
8192
|
|
|
48FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.00000000048FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48FF000
|
| Size: |
4096
|
|
|
2B26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B26000
|
| Size: |
40960
|
|
|
2A368640000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1180465412.000002A368640000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A368640000
|
| Size: |
4096
|
|
|
3033000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000003033000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3033000
|
| Size: |
12288
|
|
|
37CE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000037CE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37CE000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2B94000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B94000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B94000
|
| Size: |
4096
|
|
|
26A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26A2000
|
| Size: |
4096
|
|
|
2803000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002803000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2803000
|
| Size: |
4096
|
|
|
5C3F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1073327700.0000000005C3F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C3F000
|
| Size: |
4096
|
|
|
3A51000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003A51000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A51000
|
| Size: |
12288
|
|
|
59C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1223198976.00000000059C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
59C0000
|
| Size: |
65536
|
|
|
2609000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002609000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2609000
|
| Size: |
4096
|
|
|
53E6000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071557497.00000000053E6000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
53E6000
|
| Size: |
40960
|
|
|
C6A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1059492150.0000000000C6A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C6A000
|
| Size: |
4096
|
|
|
2E55000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E55000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E55000
|
| Size: |
36864
|
|
|
9CB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1195888804.00000000009CB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
9CB000
|
| Size: |
4096
|
|
|
25E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25E0000
|
| Size: |
4096
|
|
|
5860000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222341400.0000000005860000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5860000
|
| Size: |
4096
|
|
|
15A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506123373.00000000015A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
15A2000
|
| Size: |
4096
|
|
|
2A9A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A9A000
|
| Size: |
4096
|
|
|
28D1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.00000000028D1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28D1000
|
| Size: |
4096
|
|
|
2D3C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D3C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D3C000
|
| Size: |
12288
|
|
|
5A90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1223764309.0000000005A90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5A90000
|
| Size: |
4096
|
|
|
2A05000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A05000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A05000
|
| Size: |
57344
|
|
|
302B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.000000000302B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
302B000
|
| Size: |
4096
|
|
|
36B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1213174586.00000000036B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36B5000
|
| Size: |
167936
|
|
|
27AC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027AC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27AC000
|
| Size: |
12288
|
|
|
25C5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025C5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25C5000
|
| Size: |
4096
|
|
|
2DAF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DAF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DAF000
|
| Size: |
4096
|
|
|
2622000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002622000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2622000
|
| Size: |
4096
|
|
|
2F2C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F2C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F2C000
|
| Size: |
4096
|
|
|
26C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26C4000
|
| Size: |
4096
|
|
|
3910000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003910000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3910000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2E6C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E6C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E6C000
|
| Size: |
36864
|
|
|
2950000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002950000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2950000
|
| Size: |
8192
|
|
|
2476000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3511075343.0000000002476000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2476000
|
| Size: |
8192
|
|
|
747000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3506450172.0000000000747000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
747000
|
| Size: |
188416
|
|
|
2DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DA0000
|
| Size: |
4096
|
|
|
38C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.00000000038C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38C2000
|
| Size: |
4096
|
|
|
2B3B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B3B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B3B000
|
| Size: |
4096
|
|
|
5ABD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3525180966.0000000005ABD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5ABD000
|
| Size: |
12288
|
|
|
C60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059441506.0000000000C60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C60000
|
| Size: |
4096
|
|
|
2A38000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A38000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A38000
|
| Size: |
4096
|
|
|
3046000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000003046000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3046000
|
| Size: |
12288
|
|
|
525000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3505299503.0000000000525000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
525000
|
| Size: |
16384
|
|
|
54F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1221218354.00000000054F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
54F0000
|
| Size: |
12288
|
|
|
4B4E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3523297204.0000000004B4E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B4E000
|
| Size: |
69632
|
|
|
2A73000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A73000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A73000
|
| Size: |
57344
|
|
|
2BA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BA0000
|
| Size: |
4096
|
|
|
605000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1193001155.0000000000605000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
605000
|
| Size: |
12288
|
|
|
2E13000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E13000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E13000
|
| Size: |
12288
|
|
|
2BDE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BDE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BDE000
|
| Size: |
122880
|
|
|
2D7F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D7F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D7F000
|
| Size: |
4096
|
|
|
586E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222341400.000000000586E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
586E000
|
| Size: |
8192
|
|
|
263D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000263D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
263D000
|
| Size: |
4096
|
|
|
273E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000273E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
273E000
|
| Size: |
4096
|
|
|
26D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26D2000
|
| Size: |
4096
|
|
|
2A368435000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1180172050.000002A368435000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A368435000
|
| Size: |
176128
|
|
|
28DD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028DD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28DD000
|
| Size: |
16384
|
|
|
25C7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025C7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25C7000
|
| Size: |
4096
|
|
|
3037000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000003037000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3037000
|
| Size: |
4096
|
|
|
2F81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F81000
|
| Size: |
4096
|
|
|
7F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1193121760.00000000007F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F3000
|
| Size: |
311296
|
|
|
7050000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3526508241.0000000007050000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7050000
|
| Size: |
8192
|
|
|
2AA9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002AA9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AA9000
|
| Size: |
12288
|
|
|
2CD1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CD1000
|
| Size: |
4096
|
|
|
2C5C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C5C000
|
| Size: |
4096
|
|
|
55AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1071656363.00000000055AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55AF000
|
| Size: |
4096
|
|
|
2C41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C41000
|
| Size: |
4096
|
|
|
2CC7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CC7000
|
| Size: |
12288
|
|
|
4C8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1220620087.0000000004C8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C8E000
|
| Size: |
8192
|
|
|
2A16000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A16000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A16000
|
| Size: |
16384
|
|
|
2F2E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F2E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F2E000
|
| Size: |
4096
|
|
|
9B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1195673328.00000000009B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
4096
|
|
|
7C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3506450172.00000000007C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C3000
|
| Size: |
49152
|
|
|
48EC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.00000000048EC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48EC000
|
| Size: |
16384
|
|
|
870000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1193935292.0000000000870000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
870000
|
| Size: |
8192
|
|
|
5D70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1073903481.0000000005D70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5D70000
|
| Size: |
65536
|
|
|
880000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1194091024.0000000000880000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
880000
|
| Size: |
4096
|
|
|
5F70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3526238040.0000000005F70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5F70000
|
| Size: |
65536
|
|
|
2CCD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CCD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CCD000
|
| Size: |
4096
|
|
|
2A5C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A5C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A5C000
|
| Size: |
4096
|
|
|
890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1195427495.0000000000890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
890000
|
| Size: |
40960
|
|
|
2A89000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A89000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A89000
|
| Size: |
4096
|
|
|
2B09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B09000
|
| Size: |
4096
|
|
|
2965000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002965000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2965000
|
| Size: |
4096
|
|
|
286C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000286C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
286C000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
3920000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003920000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3920000
|
| Size: |
12288
|
|
|
652000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3506119675.0000000000652000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
652000
|
| Size: |
4096
|
|
|
2D0A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D0A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D0A000
|
| Size: |
20480
|
|
|
28B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28B6000
|
| Size: |
4096
|
|
|
2C95000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C95000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C95000
|
| Size: |
4096
|
|
|
28C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28C0000
|
| Size: |
8192
|
|
|
36B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000036B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36B6000
|
| Size: |
4096
|
|
|
2D18000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D18000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D18000
|
| Size: |
4096
|
|
|
27BA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027BA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27BA000
|
| Size: |
4096
|
|
|
3012000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000003012000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3012000
|
| Size: |
4096
|
|
|
4829000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.0000000004829000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4829000
|
| Size: |
20480
|
|
|
2842000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002842000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2842000
|
| Size: |
4096
|
|
|
284B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000284B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
284B000
|
| Size: |
122880
|
|
|
28FB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028FB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28FB000
|
| Size: |
36864
|
|
|
2669000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002669000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2669000
|
| Size: |
12288
|
|
|
2739000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002739000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2739000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
393A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.000000000393A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
393A000
|
| Size: |
4096
|
|
|
29FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29FF000
|
| Size: |
4096
|
|
|
3110000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3508472733.0000000003110000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3110000
|
| Size: |
4096
|
|
|
2A7B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A7B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A7B000
|
| Size: |
20480
|
|
|
266E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000266E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
266E000
|
| Size: |
4096
|
|
|
2439000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196305328.0000000002439000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2439000
|
| Size: |
12288
|
|
|
28F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000028F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28F4000
|
| Size: |
4096
|
|
|
2DC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DC0000
|
| Size: |
4096
|
|
|
2C2B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002C2B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C2B000
|
| Size: |
12288
|
|
|
2F28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F28000
|
| Size: |
4096
|
|
|
2EAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002EAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EAE000
|
| Size: |
4096
|
|
|
3666000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003666000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3666000
|
| Size: |
12288
|
|
|
2AC7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002AC7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AC7000
|
| Size: |
49152
|
|
|
269C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000269C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
269C000
|
| Size: |
4096
|
|
|
2E23000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E23000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E23000
|
| Size: |
4096
|
|
|
3653000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3518981663.0000000003653000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3653000
|
| Size: |
4096
|
|
|
27B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27B6000
|
| Size: |
4096
|
|
|
2B1A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B1A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B1A000
|
| Size: |
4096
|
|
|
275A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000275A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
275A000
|
| Size: |
12288
|
|
|
D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059627519.0000000000D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D73000
|
| Size: |
311296
|
|
|
29B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000029B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29B9000
|
| Size: |
4096
|
|
|
262C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000262C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
262C000
|
| Size: |
4096
|
|
|
2E99000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E99000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E99000
|
| Size: |
4096
|
|
|
6430000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3527575996.0000000006430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6430000
|
| Size: |
4096
|
|
|
3496000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1213174586.0000000003496000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3496000
|
| Size: |
8192
|
|
|
39E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1070637470.00000000039E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39E6000
|
| Size: |
806912
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
777000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3506450172.0000000000777000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
777000
|
| Size: |
307200
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4C9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3524471738.0000000004C9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C9E000
|
| Size: |
8192
|
|
|
5BF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1073098860.0000000005BF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5BF0000
|
| Size: |
65536
|
|
|
37D3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000037D3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37D3000
|
| Size: |
172032
|
|
|
5DC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3523992297.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5DC0000
|
| Size: |
65536
|
|
|
2A86000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A86000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A86000
|
| Size: |
4096
|
|
|
271D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000271D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
271D000
|
| Size: |
4096
|
|
|
2B1E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B1E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B1E000
|
| Size: |
4096
|
|
|
37FE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000037FE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37FE000
|
| Size: |
274432
|
|
|
2AC5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002AC5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AC5000
|
| Size: |
4096
|
|
|
9BA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1195780347.00000000009BA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
9BA000
|
| Size: |
4096
|
|
|
A2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1195932669.0000000000A2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A2E000
|
| Size: |
8192
|
|
|
2CC1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CC1000
|
| Size: |
4096
|
|
|
2CB4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CB4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CB4000
|
| Size: |
4096
|
|
|
3860000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003860000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3860000
|
| Size: |
4096
|
|
|
2A6B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A6B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A6B000
|
| Size: |
4096
|
|
|
7DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1193121760.00000000007DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DD000
|
| Size: |
12288
|
|
|
4607000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.0000000004607000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4607000
|
| Size: |
4096
|
|
|
CCE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059627519.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CCE000
|
| Size: |
106496
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
2878000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002878000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2878000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
4E1D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1220812791.0000000004E1D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E1D000
|
| Size: |
12288
|
|
|
27CC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.00000000027CC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27CC000
|
| Size: |
278528
|
|
|
2CFF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CFF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CFF000
|
| Size: |
4096
|
|
|
2A56000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A56000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A56000
|
| Size: |
4096
|
|
|
60F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3527289220.00000000060F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
60F0000
|
| Size: |
4096
|
|
|
2E42000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E42000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E42000
|
| Size: |
4096
|
|
|
5961000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3519852224.0000000005961000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5961000
|
| Size: |
16384
|
|
|
2BFD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BFD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BFD000
|
| Size: |
12288
|
|
|
684000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1048518136.0000000000684000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
684000
|
| Size: |
4096
|
|
|
30BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3507947671.00000000030BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30BE000
|
| Size: |
8192
|
|
|
2656000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002656000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2656000
|
| Size: |
4096
|
|
|
596D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3519852224.000000000596D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
596D000
|
| Size: |
16384
|
|
|
2BB7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BB7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BB7000
|
| Size: |
4096
|
|
|
C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059268028.0000000000C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C0E000
|
| Size: |
8192
|
|
|
2634000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002634000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2634000
|
| Size: |
8192
|
|
|
2ABB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002ABB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ABB000
|
| Size: |
4096
|
|
|
2749000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002749000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2749000
|
| Size: |
12288
|
|
|
2F87000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F87000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F87000
|
| Size: |
4096
|
|
|
A90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196146943.0000000000A90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A90000
|
| Size: |
16384
|
|
|
3039000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000003039000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3039000
|
| Size: |
49152
|
|
|
2948000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002948000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2948000
|
| Size: |
4096
|
|
|
2F9C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F9C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F9C000
|
| Size: |
4096
|
|
|
2847000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.0000000002847000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2847000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
5C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3522655919.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C50000
|
| Size: |
12288
|
|
|
2957000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002957000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2957000
|
| Size: |
36864
|
|
|
2A3A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002A3A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A3A000
|
| Size: |
65536
|
|
|
2E87000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E87000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E87000
|
| Size: |
12288
|
|
|
2DA3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002DA3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DA3000
|
| Size: |
36864
|
|
|
5910000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1222940579.0000000005910000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5910000
|
| Size: |
65536
|
|
|
2E95000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E95000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E95000
|
| Size: |
4096
|
|
|
2FA6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002FA6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FA6000
|
| Size: |
438272
|
|
|
7035000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3526245472.0000000007035000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7035000
|
| Size: |
45056
|
|
|
4949000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.0000000004949000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4949000
|
| Size: |
4096
|
|
|
49FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1220095811.00000000049FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49FE000
|
| Size: |
8192
|
|
|
D06000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059627519.0000000000D06000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D06000
|
| Size: |
319488
|
|
|
2B0B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B0B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B0B000
|
| Size: |
16384
|
|
|
667000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3506301056.0000000000667000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
667000
|
| Size: |
4096
|
|
|
290F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000290F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
290F000
|
| Size: |
299008
|
|
|
485B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3517877322.000000000485B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
485B000
|
| Size: |
4096
|
|
|
302F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.000000000302F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
302F000
|
| Size: |
4096
|
|
|
2853000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002853000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2853000
|
| Size: |
4096
|
|
|
30C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3507998219.00000000030C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
30C0000
|
| Size: |
65536
|
|
|
5D60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1073860902.0000000005D60000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5D60000
|
| Size: |
65536
|
|
|
266D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000266D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
266D000
|
| Size: |
147456
|
|
|
162D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506480239.000000000162D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
162D000
|
| Size: |
110592
|
|
|
37C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000037C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37C0000
|
| Size: |
8192
|
|
|
2CE2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CE2000
|
| Size: |
4096
|
|
|
65C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3527601418.00000000065C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
65C0000
|
| Size: |
8192
|
|
|
26B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26B7000
|
| Size: |
4096
|
|
|
27B8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000027B8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27B8000
|
| Size: |
4096
|
|
|
26DA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000026DA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26DA000
|
| Size: |
4096
|
|
|
610000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3505508757.0000000000610000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
610000
|
| Size: |
4096
|
|
|
3707000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.0000000003707000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3707000
|
| Size: |
8192
|
|
|
25E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.00000000025E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25E8000
|
| Size: |
4096
|
|
|
2B56000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002B56000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B56000
|
| Size: |
4096
|
|
|
2AC3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AC3000
|
| Size: |
172032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
272C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.000000000272C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
272C000
|
| Size: |
4096
|
|
|
435000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3504497907.0000000000435000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
435000
|
| Size: |
4096
|
|
|
2BCA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002BCA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BCA000
|
| Size: |
4096
|
|
|
2591000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.0000000002591000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2591000
|
| Size: |
4096
|
|
|
15E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3506480239.00000000015E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15E8000
|
| Size: |
118784
|
|
|
262F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1196368845.000000000262F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
262F000
|
| Size: |
20480
|
|
|
7060000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3526628870.0000000007060000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7060000
|
| Size: |
40960
|
|
|
37C8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.00000000037C8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37C8000
|
| Size: |
4096
|
|
|
2F0F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F0F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F0F000
|
| Size: |
4096
|
|
|
2E04000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002E04000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E04000
|
| Size: |
12288
|
|
|
2A66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002A66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A66000
|
| Size: |
4096
|
|
|
2F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F9E000
|
| Size: |
4096
|
|
|
392C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3511344558.000000000392C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
392C000
|
| Size: |
12288
|
|
|
2D8C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060739593.0000000002D8C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8C000
|
| Size: |
4096
|
|
|
E8FFDFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1179958438.000000E8FFDFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E8FFDFE000
|
| Size: |
8192
|
|
|
28D3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3512080381.00000000028D3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28D3000
|
| Size: |
12288
|
|
