|
2D67000
|
trusted library allocation
|
page read and write
|
 |
|
|
| Name: |
00000005.00000002.3321635373.0000000002D67000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D67000
|
| Size: |
294912
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3559000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.952961077.0000000003559000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3559000
|
| Size: |
274432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
28A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.00000000028A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28A1000
|
| Size: |
692224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2AD1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AD1000
|
| Size: |
684032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3A19000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.912315937.0000000003A19000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A19000
|
| Size: |
2392064
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2A6E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A6E000
|
| Size: |
352256
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3317214203.0000000000402000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
402000
|
| Size: |
126976
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2C9F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C9F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C9F000
|
| Size: |
356352
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
2B35000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002B35000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B35000
|
| Size: |
294912
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2C63000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C63000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C63000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
237FFAA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2818871181.00000237FFAA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFAA6000
|
| Size: |
12288
|
|
|
D10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3319073858.0000000000D10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D10000
|
| Size: |
4096
|
|
|
AD2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909704542.0000000000AD2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AD2000
|
| Size: |
4096
|
|
|
AA5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3318712087.0000000000AA5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AA5000
|
| Size: |
4096
|
|
|
22E3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949680073.00000000022E3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
22E3000
|
| Size: |
12288
|
|
|
B04C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.959035043.000000000B04C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B04C000
|
| Size: |
16384
|
|
|
2B8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002B8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B8F000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7230000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914688260.0000000007230000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7230000
|
| Size: |
413696
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
5C6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3328269220.0000000005C6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C6E000
|
| Size: |
8192
|
|
|
9D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3317734834.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D0000
|
| Size: |
8192
|
|
|
AF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3319050287.0000000000AF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AF0000
|
| Size: |
4096
|
|
|
237FFA8A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820195954.00000237FFA8A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFA8A000
|
| Size: |
4096
|
|
|
10D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320696942.00000000010D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10D0000
|
| Size: |
65536
|
|
|
580D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956227861.000000000580D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
580D000
|
| Size: |
110592
|
|
|
62C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3329990598.00000000062C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
62C0000
|
| Size: |
32768
|
|
|
5120000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913649241.0000000005120000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5120000
|
| Size: |
4096
|
|
|
29E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.00000000029E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29E8000
|
| Size: |
4096
|
|
|
24C0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.950049466.00000000024C0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
24C0000
|
| Size: |
4096
|
|
|
6450000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3330190466.0000000006450000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6450000
|
| Size: |
4096
|
|
|
49FD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.953757728.00000000049FD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49FD000
|
| Size: |
16384
|
|
|
35BA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.952961077.00000000035BA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35BA000
|
| Size: |
4096
|
|
|
E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320484885.0000000000E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E5E000
|
| Size: |
8192
|
|
|
CC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3318508339.0000000000CC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CC0000
|
| Size: |
16384
|
|
|
2920000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.910810702.0000000002920000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2920000
|
| Size: |
65536
|
|
|
5000000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913488234.0000000005000000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5000000
|
| Size: |
65536
|
|
|
2C2C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C2C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C2C000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
238053C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2815942238.00000238053C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
238053C0000
|
| Size: |
4096
|
|
|
B4E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909868364.0000000000B4E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B4E000
|
| Size: |
151552
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
5650000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328915874.0000000005650000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5650000
|
| Size: |
65536
|
|
|
22F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949722552.00000000022F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
22F0000
|
| Size: |
4096
|
|
|
23805100000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2821055537.0000023805100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23805100000
|
| Size: |
4096
|
|
|
3B3A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3326985369.0000000003B3A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B3A000
|
| Size: |
4096
|
|
|
23804DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1203873715.0000023804DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804DE0000
|
| Size: |
204800
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
237FFA79000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820195954.00000237FFA79000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFA79000
|
| Size: |
4096
|
|
|
AE2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909760808.0000000000AE2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AE2000
|
| Size: |
4096
|
|
|
29A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320888951.00000000029A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A0000
|
| Size: |
4096
|
|
|
62B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3329884966.00000000062B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
62B0000
|
| Size: |
65536
|
|
|
421000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3317198665.0000000000421000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
421000
|
| Size: |
4096
|
|
|
538A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328159148.000000000538A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
538A000
|
| Size: |
12288
|
|
|
6310000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3330134484.0000000006310000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6310000
|
| Size: |
8192
|
|
|
BD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3317760152.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BD0000
|
| Size: |
4096
|
|
|
7A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947836846.00000000007A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A3000
|
| Size: |
409600
|
|
|
82F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947836846.000000000082F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
82F000
|
| Size: |
196608
|
|
|
51C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913800457.00000000051C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51C0000
|
| Size: |
4096
|
|
|
22F6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.949767924.00000000022F6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
22F6000
|
| Size: |
8192
|
|
|
27BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321297745.00000000027BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
27BE000
|
| Size: |
8192
|
|
|
A1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3317790738.0000000000A1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A1E000
|
| Size: |
8192
|
|
|
23804F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1203828606.0000023804F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804F40000
|
| Size: |
8192
|
|
|
6B30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.956878474.0000000006B30000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6B30000
|
| Size: |
49152
|
|
|
357F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.887857411.000000000357F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
357F000
|
| Size: |
4096
|
|
|
462000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.859797485.0000000000462000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
462000
|
| Size: |
577536
|
|
|
29B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.911152780.00000000029B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29B1000
|
| Size: |
507904
|
|
|
2930000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910835548.0000000002930000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2930000
|
| Size: |
4096
|
|
|
6EFAFAB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819051900.0000006EFAFAB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EFAFAB000
|
| Size: |
20480
|
|
|
49EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.953757728.00000000049EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49EE000
|
| Size: |
8192
|
|
|
60EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3329098956.00000000060EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60EE000
|
| Size: |
8192
|
|
|
618E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3329858792.000000000618E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
618E000
|
| Size: |
8192
|
|
|
2B2B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002B2B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B2B000
|
| Size: |
4096
|
|
|
BABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915822920.000000000BABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BABE000
|
| Size: |
8192
|
|
|
49F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.953757728.00000000049F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49F1000
|
| Size: |
16384
|
|
|
2D2D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002D2D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D2D000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
2A6E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320925739.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A6E000
|
| Size: |
4096
|
|
|
4B40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955211752.0000000004B40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B40000
|
| Size: |
4096
|
|
|
2953000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002953000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2953000
|
| Size: |
8192
|
|
|
FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910556063.0000000000FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
FC0000
|
| Size: |
32768
|
|
|
72A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.914837039.00000000072A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
72A0000
|
| Size: |
53248
|
|
|
237FFA6F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819981968.00000237FFA6F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFA6F000
|
| Size: |
4096
|
|
|
A8D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3318377687.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A8D000
|
| Size: |
4096
|
|
|
5A6C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914067074.0000000005A6C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A6C000
|
| Size: |
12288
|
|
|
23804F80000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1205101781.0000023804F80000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
23804F80000
|
| Size: |
4096
|
|
|
2C1C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C1C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C1C000
|
| Size: |
4096
|
|
|
AF4B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.958939706.000000000AF4B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AF4B000
|
| Size: |
20480
|
|
|
E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320430276.0000000000E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E1E000
|
| Size: |
8192
|
|
|
2C48000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C48000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C48000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
72EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914873396.00000000072EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
72EE000
|
| Size: |
8192
|
|
|
22E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949659564.00000000022E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
22E0000
|
| Size: |
8192
|
|
|
22D3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.949603733.00000000022D3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
22D3000
|
| Size: |
4096
|
|
|
23804EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1204506780.0000023804EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804EB0000
|
| Size: |
4096
|
|
|
80C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947836846.000000000080C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
80C000
|
| Size: |
12288
|
|
|
2960000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910946132.0000000002960000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2960000
|
| Size: |
65536
|
|
|
50A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3327890008.00000000050A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
50A0000
|
| Size: |
4096
|
|
|
4FF4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955883472.0000000004FF4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FF4000
|
| Size: |
45056
|
|
|
628E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3329892435.000000000628E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
628E000
|
| Size: |
8192
|
|
|
99F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949443221.000000000099F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
99F000
|
| Size: |
4096
|
|
|
CF7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3319007412.0000000000CF7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CF7000
|
| Size: |
4096
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3317198665.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
B97C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915759216.000000000B97C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B97C000
|
| Size: |
16384
|
|
|
23800000000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820536225.0000023800000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23800000000
|
| Size: |
4096
|
|
|
4E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955475106.0000000004E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E1E000
|
| Size: |
8192
|
|
|
2AE3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002AE3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AE3000
|
| Size: |
4096
|
|
|
237FFA9C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820195954.00000237FFA9C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFA9C000
|
| Size: |
20480
|
|
|
422000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3317214203.0000000000422000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
422000
|
| Size: |
4096
|
|
|
29EC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.00000000029EC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29EC000
|
| Size: |
4096
|
|
|
5180000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913697044.0000000005180000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
5180000
|
| Size: |
69632
|
|
|
2DCB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002DCB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DCB000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
ABD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.909602328.0000000000ABD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
ABD000
|
| Size: |
4096
|
|
|
54AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328561007.00000000054AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54AF000
|
| Size: |
4096
|
|
|
4A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.954222467.0000000004A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A20000
|
| Size: |
65536
|
|
|
23806000000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2817355903.0000023806000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23806000000
|
| Size: |
4096
|
|
|
6EFB47E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.2819121559.0000006EFB47E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6EFB47E000
|
| Size: |
4096
|
|
|
29E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.00000000029E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29E4000
|
| Size: |
4096
|
|
|
B18F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915506708.000000000B18F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B18F000
|
| Size: |
4096
|
|
|
C39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909868364.0000000000C39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C39000
|
| Size: |
4096
|
|
|
2BD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002BD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BD0000
|
| Size: |
4096
|
|
|
B18E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.959216596.000000000B18E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B18E000
|
| Size: |
8192
|
|
|
2380011A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1256065462.000002380011A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2380011A000
|
| Size: |
4096
|
|
|
AEB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.909797714.0000000000AEB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AEB000
|
| Size: |
4096
|
|
|
D60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3319187835.0000000000D60000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
D60000
|
| Size: |
65536
|
|
|
6BA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.922799023.00000000006BA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6BA000
|
| Size: |
24576
|
|
|
50D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3327732422.00000000050D0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50D0000
|
| Size: |
65536
|
|
|
29A7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.00000000029A7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29A7000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
58B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956611206.00000000058B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
58B0000
|
| Size: |
4096
|
|
|
36D6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.952961077.00000000036D6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36D6000
|
| Size: |
4096
|
|
|
4FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955725485.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FA0000
|
| Size: |
65536
|
|
|
2A6A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320925739.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A6A000
|
| Size: |
8192
|
|
|
BA7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3319386328.0000000000BA7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA7000
|
| Size: |
139264
|
|
|
767E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914957869.000000000767E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
767E000
|
| Size: |
8192
|
|
|
23800104000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2816704620.0000023800104000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23800104000
|
| Size: |
16384
|
|
|
5EEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3328969370.0000000005EEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EEE000
|
| Size: |
8192
|
|
|
5470000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3328050979.0000000005470000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5470000
|
| Size: |
53248
|
|
|
2B8A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002B8A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B8A000
|
| Size: |
8192
|
|
|
4E5E000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.955578148.0000000004E5E000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
4E5E000
|
| Size: |
4096
|
|
|
546E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3328006514.000000000546E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
546E000
|
| Size: |
8192
|
|
|
B1CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.959252481.000000000B1CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B1CE000
|
| Size: |
8192
|
|
|
A92000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3318484543.0000000000A92000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A92000
|
| Size: |
4096
|
|
|
23804ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2805908237.0000023804ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804ED0000
|
| Size: |
4096
|
|
|
EAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320534987.0000000000EAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EAE000
|
| Size: |
45056
|
|
|
76BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914976365.00000000076BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
76BE000
|
| Size: |
8192
|
|
|
517E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913671954.000000000517E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
517E000
|
| Size: |
8192
|
|
|
5640000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328785440.0000000005640000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5640000
|
| Size: |
20480
|
|
|
5A50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914067074.0000000005A50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A50000
|
| Size: |
61440
|
|
|
6CBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.957005323.0000000006CBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6CBE000
|
| Size: |
8192
|
|
|
294A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910886304.000000000294A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
294A000
|
| Size: |
24576
|
|
|
6EFD67E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.2819544017.0000006EFD67E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6EFD67E000
|
| Size: |
4096
|
|
|
4F3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913387934.0000000004F3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F3C000
|
| Size: |
16384
|
|
|
621A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3329462540.000000000621A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
621A000
|
| Size: |
24576
|
|
|
5FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3317608406.00000000005FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5FE000
|
| Size: |
8192
|
|
|
CBD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3318420134.0000000000CBD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CBD000
|
| Size: |
4096
|
|
|
23805480000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2805400118.0000023805480000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23805480000
|
| Size: |
4096
|
|
|
237FFAAF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820319477.00000237FFAAF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFAAF000
|
| Size: |
40960
|
|
|
55EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328591796.00000000055EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55EE000
|
| Size: |
8192
|
|
|
5836000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956227861.0000000005836000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5836000
|
| Size: |
57344
|
|
|
22D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949581836.00000000022D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
22D0000
|
| Size: |
8192
|
|
|
2A5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320925739.0000000002A5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A5E000
|
| Size: |
45056
|
|
|
582C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956227861.000000000582C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
582C000
|
| Size: |
36864
|
|
|
34F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.952961077.00000000034F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34F1000
|
| Size: |
28672
|
|
|
237FFB13000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820474823.00000237FFB13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFB13000
|
| Size: |
12288
|
|
|
2BDC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002BDC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BDC000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2A90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321465278.0000000002A90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
57344
|
|
|
B30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.909843425.0000000000B30000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
B30000
|
| Size: |
65536
|
|
|
AA7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3318755446.0000000000AA7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AA7000
|
| Size: |
4096
|
|
|
6480000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3330366463.0000000006480000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6480000
|
| Size: |
65536
|
|
|
23804DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2808237255.0000023804DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804DD0000
|
| Size: |
4096
|
|
|
A73000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3318132481.0000000000A73000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A73000
|
| Size: |
4096
|
|
|
4D30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955303987.0000000004D30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D30000
|
| Size: |
8192
|
|
|
DF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910400512.0000000000DF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DF0000
|
| Size: |
65536
|
|
|
2BE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002BE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BE4000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
630E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3330018167.000000000630E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
630E000
|
| Size: |
8192
|
|
|
2380502C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820640065.000002380502C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2380502C000
|
| Size: |
69632
|
|
|
29A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.00000000029A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29A3000
|
| Size: |
8192
|
|
|
600E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3329055758.000000000600E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
600E000
|
| Size: |
8192
|
|
|
23804E20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1204004837.0000023804E20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804E20000
|
| Size: |
4096
|
|
|
32CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.887689967.00000000032CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32CA000
|
| Size: |
102400
|
|
|
51D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913821500.00000000051D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51D0000
|
| Size: |
12288
|
|
|
8F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909404707.00000000008F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8F7000
|
| Size: |
36864
|
|
|
CDD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3318676488.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CDD000
|
| Size: |
4096
|
|
|
61EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3329137722.00000000061EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
61EF000
|
| Size: |
4096
|
|
|
23804D60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2816204065.0000023804D60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804D60000
|
| Size: |
4096
|
|
|
6EFC77C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819459905.0000006EFC77C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EFC77C000
|
| Size: |
16384
|
|
|
4D3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3327414763.0000000004D3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D3E000
|
| Size: |
8192
|
|
|
CB3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3318220989.0000000000CB3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CB3000
|
| Size: |
4096
|
|
|
23804EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2815129056.0000023804EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804EB0000
|
| Size: |
4096
|
|
|
237FFA5C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819981968.00000237FFA5C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFA5C000
|
| Size: |
49152
|
|
|
61F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3329169148.00000000061F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
61F8000
|
| Size: |
8192
|
|
|
238050C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820759088.00000238050C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
238050C3000
|
| Size: |
4096
|
|
|
468C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.953728031.000000000468C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
468C000
|
| Size: |
16384
|
|
|
5F2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3329013564.0000000005F2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F2E000
|
| Size: |
8192
|
|
|
2D0F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D0F000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
393C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3326578306.000000000393C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
393C000
|
| Size: |
114688
|
|
|
5AB5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914238057.0000000005AB5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AB5000
|
| Size: |
233472
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
23800D21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2814911118.0000023800D21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23800D21000
|
| Size: |
4096
|
|
|
2302000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949832089.0000000002302000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2302000
|
| Size: |
4096
|
|
|
AB3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.909565038.0000000000AB3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AB3000
|
| Size: |
4096
|
|
|
2A09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002A09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A09000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5098000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3327732926.0000000005098000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5098000
|
| Size: |
32768
|
|
|
29F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.00000000029F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29F4000
|
| Size: |
4096
|
|
|
2981000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002981000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2981000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
644E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3330134019.000000000644E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
644E000
|
| Size: |
8192
|
|
|
328E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.887471863.000000000328E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
328E000
|
| Size: |
8192
|
|
|
6A00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3330579300.0000000006A00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A00000
|
| Size: |
8192
|
|
|
2A51000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002A51000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A51000
|
| Size: |
57344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6460000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3330231262.0000000006460000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6460000
|
| Size: |
57344
|
|
|
2980000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910993373.0000000002980000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2980000
|
| Size: |
4096
|
|
|
C55000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3319386328.0000000000C55000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C55000
|
| Size: |
4096
|
|
|
4AC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.954607973.0000000004AC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4AC2000
|
| Size: |
57344
|
|
|
4DD0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.955457325.0000000004DD0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
2B99000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002B99000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B99000
|
| Size: |
303104
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3909000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3326578306.0000000003909000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3909000
|
| Size: |
4096
|
|
|
B2D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.959362047.000000000B2D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B2D0000
|
| Size: |
4096
|
|
|
6520000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3330547816.0000000006520000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
6520000
|
| Size: |
4096
|
|
|
2AFB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002AFB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AFB000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
D98000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3319530184.0000000000D98000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D98000
|
| Size: |
135168
|
|
|
AE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949505775.0000000000AE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AE0000
|
| Size: |
32768
|
|
|
237FF900000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819673428.00000237FF900000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FF900000
|
| Size: |
4096
|
|
|
AF7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3317670131.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AF7000
|
| Size: |
36864
|
|
|
2B8D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002B8D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B8D000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
23804F20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2815438102.0000023804F20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804F20000
|
| Size: |
4096
|
|
|
B28D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915530810.000000000B28D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B28D000
|
| Size: |
12288
|
|
|
2A1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.924043317.0000000002A1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A1E000
|
| Size: |
8192
|
|
|
C3C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909868364.0000000000C3C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C3C000
|
| Size: |
12288
|
|
|
2C24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C24000
|
| Size: |
8192
|
|
|
23804EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2805557876.0000023804EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804EE0000
|
| Size: |
4096
|
|
|
614F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3329817662.000000000614F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
614F000
|
| Size: |
4096
|
|
|
2B2F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002B2F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B2F000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
D80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3319388147.0000000000D80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D80000
|
| Size: |
4096
|
|
|
5D6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3328310031.0000000005D6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D6F000
|
| Size: |
4096
|
|
|
237FFA91000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820195954.00000237FFA91000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFA91000
|
| Size: |
40960
|
|
|
4A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.954364794.0000000004A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A40000
|
| Size: |
65536
|
|
|
D84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3319388147.0000000000D84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D84000
|
| Size: |
4096
|
|
|
6EFB87E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.2819242517.0000006EFB87E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6EFB87E000
|
| Size: |
4096
|
|
|
23805000000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820595071.0000023805000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23805000000
|
| Size: |
110592
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6220000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3329586013.0000000006220000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6220000
|
| Size: |
65536
|
|
|
2380505E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820681636.000002380505E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2380505E000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2D28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002D28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D28000
|
| Size: |
4096
|
|
|
AEA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949505775.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AEA000
|
| Size: |
20480
|
|
|
57C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956015881.00000000057C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57C1000
|
| Size: |
12288
|
|
|
460000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.859780304.0000000000460000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
460000
|
| Size: |
4096
|
|
|
61F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3329169148.00000000061F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
61F0000
|
| Size: |
8192
|
|
|
CFB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3319043205.0000000000CFB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CFB000
|
| Size: |
4096
|
|
|
6071000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3329093188.0000000006071000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6071000
|
| Size: |
28672
|
|
|
23804F30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1203956901.0000023804F30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804F30000
|
| Size: |
4096
|
|
|
2BB1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002BB1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BB1000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
23804EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2815197871.0000023804EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804EC0000
|
| Size: |
12288
|
|
|
4EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3327461693.0000000004EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4EB0000
|
| Size: |
65536
|
|
|
2D55000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002D55000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D55000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
2B29000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002B29000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B29000
|
| Size: |
4096
|
|
|
3671000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.952961077.0000000003671000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3671000
|
| Size: |
4096
|
|
|
298E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320859414.000000000298E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
298E000
|
| Size: |
8192
|
|
|
AA6D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.958418259.000000000AA6D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AA6D000
|
| Size: |
12288
|
|
|
B5CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915661106.000000000B5CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B5CE000
|
| Size: |
8192
|
|
|
5370000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913948167.0000000005370000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5370000
|
| Size: |
65536
|
|
|
F8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320557959.0000000000F8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F8E000
|
| Size: |
8192
|
|
|
2890000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.923167340.0000000002890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2890000
|
| Size: |
20480
|
|
|
28E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910762261.00000000028E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28E0000
|
| Size: |
65536
|
|
|
D90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3319530184.0000000000D90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D90000
|
| Size: |
24576
|
|
|
EA6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320534987.0000000000EA6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EA6000
|
| Size: |
8192
|
|
|
5390000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328334636.0000000005390000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5390000
|
| Size: |
8192
|
|
|
4AB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.954549753.0000000004AB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AB0000
|
| Size: |
65536
|
|
|
2BD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BD4000
|
| Size: |
4096
|
|
|
532E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3327926181.000000000532E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
532E000
|
| Size: |
8192
|
|
|
2BC7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002BC7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BC7000
|
| Size: |
8192
|
|
|
EBA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320534987.0000000000EBA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EBA000
|
| Size: |
8192
|
|
|
B90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3319289119.0000000000B90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B90000
|
| Size: |
65536
|
|
|
238050FA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820976602.00000238050FA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
238050FA000
|
| Size: |
4096
|
|
|
B10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909828478.0000000000B10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B10000
|
| Size: |
4096
|
|
|
100A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910676161.000000000100A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
100A000
|
| Size: |
20480
|
|
|
108F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320597984.000000000108F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
108F000
|
| Size: |
4096
|
|
|
360C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.952961077.000000000360C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
360C000
|
| Size: |
4096
|
|
|
602E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3329061656.000000000602E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
602E000
|
| Size: |
8192
|
|
|
38C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3326578306.00000000038C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38C9000
|
| Size: |
176128
|
|
|
237FFA2B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819815024.00000237FFA2B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFA2B000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2C7F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C7F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C7F000
|
| Size: |
4096
|
|
|
539B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328334636.000000000539B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
539B000
|
| Size: |
20480
|
|
|
3B55000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3326985369.0000000003B55000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B55000
|
| Size: |
8192
|
|
|
2B81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002B81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B81000
|
| Size: |
8192
|
|
|
2A60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002A60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2A5B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320925739.0000000002A5B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A5B000
|
| Size: |
8192
|
|
|
294E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.000000000294E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
294E000
|
| Size: |
16384
|
|
|
237FFAAA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2818871181.00000237FFAAA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFAAA000
|
| Size: |
8192
|
|
|
FDE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910556063.0000000000FDE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
FDE000
|
| Size: |
8192
|
|
|
C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3318018040.0000000000C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C7E000
|
| Size: |
8192
|
|
|
2A71000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320925739.0000000002A71000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A71000
|
| Size: |
16384
|
|
|
CE2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3318771359.0000000000CE2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CE2000
|
| Size: |
4096
|
|
|
4EC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3327592633.0000000004EC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
4096
|
|
|
2380501F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820595071.000002380501F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2380501F000
|
| Size: |
49152
|
|
|
3AF9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3326985369.0000000003AF9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AF9000
|
| Size: |
180224
|
|
|
EBE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320534987.0000000000EBE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EBE000
|
| Size: |
4096
|
|
|
B48E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915607327.000000000B48E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B48E000
|
| Size: |
8192
|
|
|
50A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3327890008.00000000050A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
50A3000
|
| Size: |
8192
|
|
|
24D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.950071369.00000000024D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
24D0000
|
| Size: |
65536
|
|
|
237FFA13000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819777801.00000237FFA13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFA13000
|
| Size: |
94208
|
|
|
C05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909868364.0000000000C05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C05000
|
| Size: |
200704
|
|
|
49D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.953757728.00000000049D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49D0000
|
| Size: |
12288
|
|
|
237FFAFE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2814825108.00000237FFAFE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFAFE000
|
| Size: |
12288
|
|
|
58C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956611206.00000000058C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
58C0000
|
| Size: |
69632
|
|
|
FE1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910556063.0000000000FE1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
FE1000
|
| Size: |
16384
|
|
|
22D4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949622899.00000000022D4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
22D4000
|
| Size: |
4096
|
|
|
AA70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.958534391.000000000AA70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AA70000
|
| Size: |
4096
|
|
|
2AD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002AD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AD8000
|
| Size: |
4096
|
|
|
237FFB06000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820408141.00000237FFB06000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFB06000
|
| Size: |
28672
|
|
|
53A3000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3328502232.00000000053A3000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
53A3000
|
| Size: |
4096
|
|
|
2C20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C20000
|
| Size: |
4096
|
|
|
237FFA74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819981968.00000237FFA74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFA74000
|
| Size: |
8192
|
|
|
5A68000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914067074.0000000005A68000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A68000
|
| Size: |
4096
|
|
|
2E28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002E28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E28000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914459900.0000000006C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C50000
|
| Size: |
532480
|
|
|
AE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3318935927.0000000000AE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AE0000
|
| Size: |
65536
|
|
|
57B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956015881.00000000057B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57B3000
|
| Size: |
40960
|
|
|
5384000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328159148.0000000005384000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5384000
|
| Size: |
12288
|
|
|
B60E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915682123.000000000B60E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B60E000
|
| Size: |
8192
|
|
|
2940000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910886304.0000000002940000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2940000
|
| Size: |
36864
|
|
|
49D4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.953757728.00000000049D4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49D4000
|
| Size: |
16384
|
|
|
6EFB67E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.2819181942.0000006EFB67E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6EFB67E000
|
| Size: |
4096
|
|
|
2BD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BD8000
|
| Size: |
12288
|
|
|
ADEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.958856029.000000000ADEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ADEE000
|
| Size: |
8192
|
|
|
6EFB577000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819152009.0000006EFB577000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EFB577000
|
| Size: |
36864
|
|
|
5B50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914375786.0000000005B50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B50000
|
| Size: |
4096
|
|
|
23805086000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820759088.0000023805086000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23805086000
|
| Size: |
118784
|
|
|
57C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956015881.00000000057C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57C5000
|
| Size: |
4096
|
|
|
2B79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002B79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B79000
|
| Size: |
8192
|
|
|
23804E10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1203975237.0000023804E10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804E10000
|
| Size: |
8192
|
|
|
51D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913821500.00000000051D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51D5000
|
| Size: |
40960
|
|
|
52DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913880941.00000000052DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
52DD000
|
| Size: |
12288
|
|
|
2A5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.924209771.0000000002A5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A5E000
|
| Size: |
8192
|
|
|
AB4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909582205.0000000000AB4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AB4000
|
| Size: |
4096
|
|
|
2D31000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002D31000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D31000
|
| Size: |
131072
|
|
|
5380000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.913989192.0000000005380000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5380000
|
| Size: |
65536
|
|
|
AD6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.909722602.0000000000AD6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AD6000
|
| Size: |
8192
|
|
|
B87000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909868364.0000000000B87000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B87000
|
| Size: |
385024
|
|
|
FCB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910556063.0000000000FCB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
FCB000
|
| Size: |
69632
|
|
|
237FFB17000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820474823.00000237FFB17000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFB17000
|
| Size: |
8192
|
|
|
A9A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3318586944.0000000000A9A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A9A000
|
| Size: |
8192
|
|
|
A40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3317878068.0000000000A40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
16384
|
|
|
AD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909687593.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AD0000
|
| Size: |
4096
|
|
|
23804F30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2816364337.0000023804F30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804F30000
|
| Size: |
4096
|
|
|
299F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.000000000299F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
299F000
|
| Size: |
8192
|
|
|
1000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910676161.0000000001000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1000000
|
| Size: |
32768
|
|
|
50FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955959837.00000000050FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50FD000
|
| Size: |
12288
|
|
|
6E52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914656562.0000000006E52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E52000
|
| Size: |
32768
|
|
|
53A0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3328502232.00000000053A0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
53A0000
|
| Size: |
4096
|
|
|
4F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.859937964.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4F0000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
23804F80000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1205078577.0000023804F80000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
23804F80000
|
| Size: |
4096
|
|
|
50E0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3327854704.00000000050E0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
50E0000
|
| Size: |
4096
|
|
|
AC3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909651019.0000000000AC3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AC3000
|
| Size: |
28672
|
|
|
61F6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3329169148.00000000061F6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
61F6000
|
| Size: |
4096
|
|
|
3620000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.887887866.0000000003620000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3620000
|
| Size: |
16384
|
|
|
23800113000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2817190194.0000023800113000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23800113000
|
| Size: |
28672
|
|
|
2DD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002DD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD4000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
B82000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909868364.0000000000B82000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B82000
|
| Size: |
4096
|
|
|
750000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947721419.0000000000750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
750000
|
| Size: |
8192
|
|
|
5630000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3328672718.0000000005630000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5630000
|
| Size: |
65536
|
|
|
4A16000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.954138447.0000000004A16000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A16000
|
| Size: |
40960
|
|
|
4A35000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.954285552.0000000004A35000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A35000
|
| Size: |
45056
|
|
|
2C91000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C91000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C91000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
373C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.952961077.000000000373C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
373C000
|
| Size: |
4096
|
|
|
392E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3326578306.000000000392E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
392E000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
6300000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3330098817.0000000006300000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
6300000
|
| Size: |
4096
|
|
|
57F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956227861.00000000057F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57F3000
|
| Size: |
102400
|
|
|
5F0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3329017946.0000000005F0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F0E000
|
| Size: |
8192
|
|
|
795000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947836846.0000000000795000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
795000
|
| Size: |
32768
|
|
|
542E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3327962372.000000000542E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
542E000
|
| Size: |
8192
|
|
|
6EFC07E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.2819430940.0000006EFC07E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6EFC07E000
|
| Size: |
4096
|
|
|
32C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.887689967.00000000032C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32C0000
|
| Size: |
32768
|
|
|
76E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947836846.000000000076E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76E000
|
| Size: |
98304
|
|
|
DDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320367968.0000000000DDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DDE000
|
| Size: |
8192
|
|
|
2A32000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002A32000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A32000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2B23000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002B23000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B23000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
29F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.00000000029F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29F0000
|
| Size: |
4096
|
|
|
10CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320658798.00000000010CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10CE000
|
| Size: |
8192
|
|
|
AC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909620543.0000000000AC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AC0000
|
| Size: |
8192
|
|
|
39B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.912315937.00000000039B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39B9000
|
| Size: |
4096
|
|
|
B00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3319157802.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B00000
|
| Size: |
16384
|
|
|
230B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.949874769.000000000230B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
230B000
|
| Size: |
4096
|
|
|
8C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915062779.0000000008C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8C7E000
|
| Size: |
8192
|
|
|
9C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909481473.00000000009C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9C5000
|
| Size: |
12288
|
|
|
2E9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947233711.00000000002E9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E9000
|
| Size: |
28672
|
|
|
6210000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3329462540.0000000006210000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6210000
|
| Size: |
20480
|
|
|
3519000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.952961077.0000000003519000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3519000
|
| Size: |
180224
|
|
|
4AF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.954740531.0000000004AF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4AF0000
|
| Size: |
65536
|
|
|
6250000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3329823807.0000000006250000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6250000
|
| Size: |
32768
|
|
|
2B96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002B96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B96000
|
| Size: |
8192
|
|
|
237FFF90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820514677.00000237FFF90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
237FFF90000
|
| Size: |
4096
|
|
|
3AD1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3326985369.0000000003AD1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AD1000
|
| Size: |
32768
|
|
|
4B30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955191936.0000000004B30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B30000
|
| Size: |
4096
|
|
|
2956000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002956000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2956000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2970000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.910969955.0000000002970000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2970000
|
| Size: |
65536
|
|
|
E7D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320465875.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E7D000
|
| Size: |
73728
|
|
|
900000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909422082.0000000000900000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
900000
|
| Size: |
8192
|
|
|
5090000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3327732926.0000000005090000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5090000
|
| Size: |
28672
|
|
|
6EFD5FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819519002.0000006EFD5FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EFD5FE000
|
| Size: |
8192
|
|
|
2910000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910791567.0000000002910000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2910000
|
| Size: |
4096
|
|
|
AE7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.909779307.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AE7000
|
| Size: |
4096
|
|
|
237FFA00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819699227.00000237FFA00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFA00000
|
| Size: |
40960
|
|
|
A70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3318060575.0000000000A70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A70000
|
| Size: |
8192
|
|
|
23804DE1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1266531254.0000023804DE1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804DE1000
|
| Size: |
4096
|
|
|
5A74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914067074.0000000005A74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A74000
|
| Size: |
4096
|
|
|
57C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956015881.00000000057C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57C9000
|
| Size: |
8192
|
|
|
4DB8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955336420.0000000004DB8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DB8000
|
| Size: |
24576
|
|
|
EC1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320534987.0000000000EC1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EC1000
|
| Size: |
16384
|
|
|
6066000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3329093188.0000000006066000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6066000
|
| Size: |
8192
|
|
|
5DCB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3328348011.0000000005DCB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5DCB000
|
| Size: |
8192
|
|
|
51A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913731245.00000000051A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
51A0000
|
| Size: |
65536
|
|
|
2380011A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1251745660.000002380011A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2380011A000
|
| Size: |
4096
|
|
|
29CF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.923593523.00000000029CF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
29CF000
|
| Size: |
4096
|
|
|
23804ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2805950013.0000023804ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804ED0000
|
| Size: |
4096
|
|
|
2D61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002D61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D61000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
809000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947836846.0000000000809000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
809000
|
| Size: |
4096
|
|
|
536E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328004693.000000000536E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
536E000
|
| Size: |
8192
|
|
|
2C83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C83000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
23800002000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820536225.0000023800002000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23800002000
|
| Size: |
4096
|
|
|
25E7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.950138699.00000000025E7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25E7000
|
| Size: |
4235264
|
|
|
BCA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3319386328.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BCA000
|
| Size: |
16384
|
|
|
237FFA0B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819699227.00000237FFA0B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFA0B000
|
| Size: |
28672
|
|
|
4DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955336420.0000000004DB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DB0000
|
| Size: |
28672
|
|
|
23804E24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1204004837.0000023804E24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804E24000
|
| Size: |
4096
|
|
|
94E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909440927.000000000094E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
94E000
|
| Size: |
8192
|
|
|
3B5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3326985369.0000000003B5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B5E000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
2D15000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002D15000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D15000
|
| Size: |
4096
|
|
|
6F1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.957158465.0000000006F1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F1E000
|
| Size: |
8192
|
|
|
2A76000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320925739.0000000002A76000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A76000
|
| Size: |
16384
|
|
|
237FFAA8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820319477.00000237FFAA8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFAA8000
|
| Size: |
4096
|
|
|
F28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910525456.0000000000F28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F28000
|
| Size: |
4096
|
|
|
A86E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.957993281.000000000A86E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A86E000
|
| Size: |
8192
|
|
|
2DDE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002DDE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DDE000
|
| Size: |
290816
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5B88000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914375786.0000000005B88000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B88000
|
| Size: |
4096
|
|
|
4AD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.954670654.0000000004AD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4AD0000
|
| Size: |
36864
|
|
|
B00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909814541.0000000000B00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B00000
|
| Size: |
4096
|
|
|
B8D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3319246119.0000000000B8D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B8D000
|
| Size: |
12288
|
|
|
29D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.923976516.00000000029D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29D0000
|
| Size: |
4096
|
|
|
3924000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3326578306.0000000003924000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3924000
|
| Size: |
8192
|
|
|
768000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947836846.0000000000768000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
768000
|
| Size: |
16384
|
|
|
5020000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.913533558.0000000005020000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
4E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955623308.0000000004E60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E60000
|
| Size: |
4096
|
|
|
288E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.922988025.000000000288E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
288E000
|
| Size: |
8192
|
|
|
CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3318728027.0000000000CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CE0000
|
| Size: |
4096
|
|
|
23805065000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820743163.0000023805065000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23805065000
|
| Size: |
8192
|
|
|
29E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.00000000029E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29E0000
|
| Size: |
4096
|
|
|
2A24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002A24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A24000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
353E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.887823763.000000000353E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
353E000
|
| Size: |
8192
|
|
|
B70E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915712521.000000000B70E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B70E000
|
| Size: |
8192
|
|
|
2307000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.949852945.0000000002307000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2307000
|
| Size: |
4096
|
|
|
BA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3319386328.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA0000
|
| Size: |
24576
|
|
|
8C3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915039359.0000000008C3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8C3F000
|
| Size: |
4096
|
|
|
10E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320798451.00000000010E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10E0000
|
| Size: |
16384
|
|
|
B4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3319204879.0000000000B4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B4E000
|
| Size: |
8192
|
|
|
27E0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3321341509.00000000027E0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
27E0000
|
| Size: |
4096
|
|
|
24E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.950114239.00000000024E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24E0000
|
| Size: |
4096
|
|
|
DC6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3319530184.0000000000DC6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC6000
|
| Size: |
348160
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
5D70000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3328348011.0000000005D70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D70000
|
| Size: |
356352
|
|
|
ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949484296.0000000000ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ADE000
|
| Size: |
8192
|
|
|
23804DC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2814651446.0000023804DC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804DC0000
|
| Size: |
4096
|
|
|
5396000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328334636.0000000005396000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5396000
|
| Size: |
4096
|
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909367441.00000000005F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
4096
|
|
|
23804DE2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2814569482.0000023804DE2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804DE2000
|
| Size: |
4096
|
|
|
A90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3318427567.0000000000A90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A90000
|
| Size: |
4096
|
|
|
237FFB02000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820408141.00000237FFB02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFB02000
|
| Size: |
8192
|
|
|
39B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.912315937.00000000039B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39B1000
|
| Size: |
28672
|
|
|
62F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3330064432.00000000062F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62F0000
|
| Size: |
4096
|
|
|
5A9A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914238057.0000000005A9A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A9A000
|
| Size: |
106496
|
|
|
A80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3318284239.0000000000A80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A80000
|
| Size: |
49152
|
|
|
D70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3319284545.0000000000D70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D70000
|
| Size: |
57344
|
|
|
BAD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915847903.000000000BAD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
BAD0000
|
| Size: |
4096
|
|
|
B84000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909868364.0000000000B84000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B84000
|
| Size: |
8192
|
|
|
A7D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3318229084.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A7D000
|
| Size: |
4096
|
|
|
2A30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.911152780.0000000002A30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A30000
|
| Size: |
483328
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
238050A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820759088.00000238050A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
238050A4000
|
| Size: |
122880
|
|
|
23805058000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820681636.0000023805058000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23805058000
|
| Size: |
12288
|
|
|
4ADA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.954670654.0000000004ADA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4ADA000
|
| Size: |
24576
|
|
|
5B60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914375786.0000000005B60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B60000
|
| Size: |
73728
|
|
|
CD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3318595938.0000000000CD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
28672
|
|
|
6470000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3330310708.0000000006470000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6470000
|
| Size: |
32768
|
|
|
2B84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002B84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B84000
|
| Size: |
20480
|
|
|
B9BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915791023.000000000B9BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B9BE000
|
| Size: |
8192
|
|
|
51B0000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.913764910.00000000051B0000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
51B0000
|
| Size: |
61440
|
|
|
E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910435281.0000000000E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
E00000
|
| Size: |
16384
|
|
|
ADA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.909741855.0000000000ADA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
ADA000
|
| Size: |
4096
|
|
|
57B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956015881.00000000057B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57B0000
|
| Size: |
8192
|
|
|
E05000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910435281.0000000000E05000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
E05000
|
| Size: |
45056
|
|
|
89E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949416515.000000000089E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
89E000
|
| Size: |
8192
|
|
|
FE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910556063.0000000000FE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
FE6000
|
| Size: |
16384
|
|
|
D80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910207485.0000000000D80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D80000
|
| Size: |
65536
|
|
|
564A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328785440.000000000564A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
564A000
|
| Size: |
24576
|
|
|
AA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3318645708.0000000000AA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AA2000
|
| Size: |
4096
|
|
|
D7F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3319284545.0000000000D7F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D7F000
|
| Size: |
4096
|
|
|
5EAD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3328922588.0000000005EAD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EAD000
|
| Size: |
12288
|
|
|
4E50000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.955578148.0000000004E50000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
4E50000
|
| Size: |
4096
|
|
|
E1C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3319530184.0000000000E1C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E1C000
|
| Size: |
135168
|
|
|
5370000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3328047244.0000000005370000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5370000
|
| Size: |
65536
|
|
|
24B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.950000576.00000000024B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
24B0000
|
| Size: |
65536
|
|
|
38A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3326578306.00000000038A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38A1000
|
| Size: |
32768
|
|
|
2D5B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002D5B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D5B000
|
| Size: |
12288
|
|
|
2DC1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DC1000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
634E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3330091626.000000000634E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
634E000
|
| Size: |
8192
|
|
|
6510000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3330512202.0000000006510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6510000
|
| Size: |
4096
|
|
|
C3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3317950931.0000000000C3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C3E000
|
| Size: |
8192
|
|
|
4AA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.954532313.0000000004AA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AA0000
|
| Size: |
4096
|
|
|
740000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947676862.0000000000740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
740000
|
| Size: |
16384
|
|
|
6200000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3329327249.0000000006200000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6200000
|
| Size: |
65536
|
|
|
763E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914933758.000000000763E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
763E000
|
| Size: |
8192
|
|
|
3B6A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3326985369.0000000003B6A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B6A000
|
| Size: |
122880
|
|
|
2B40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.924334334.0000000002B40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B40000
|
| Size: |
16384
|
|
|
23804EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2805853555.0000023804EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804EE0000
|
| Size: |
4096
|
|
|
23804E10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2808144952.0000023804E10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804E10000
|
| Size: |
4096
|
|
|
CF5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3318955009.0000000000CF5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CF5000
|
| Size: |
4096
|
|
|
6EFBA7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.2819309956.0000006EFBA7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6EFBA7E000
|
| Size: |
4096
|
|
|
2A17000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002A17000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A17000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2380504E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820681636.000002380504E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2380504E000
|
| Size: |
24576
|
|
|
246E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949945811.000000000246E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
246E000
|
| Size: |
8192
|
|
|
650000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947460409.0000000000650000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
650000
|
| Size: |
4096
|
|
|
4B20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955119629.0000000004B20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B20000
|
| Size: |
65536
|
|
|
2B81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002B81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B81000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
76A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3317474237.000000000076A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
76A000
|
| Size: |
24576
|
|
|
2DB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DB2000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2770000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.922931826.0000000002770000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2770000
|
| Size: |
4096
|
|
|
2968000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002968000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2968000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
EA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320534987.0000000000EA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EA0000
|
| Size: |
20480
|
|
|
237FFAAF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2818871181.00000237FFAAF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFAAF000
|
| Size: |
40960
|
|
|
2897000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.923167340.0000000002897000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2897000
|
| Size: |
110592
|
|
|
23804D50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2816039451.0000023804D50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804D50000
|
| Size: |
4096
|
|
|
AD0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3318832243.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AD0000
|
| Size: |
65536
|
|
|
2890000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321381158.0000000002890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2890000
|
| Size: |
4096
|
|
|
B08E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.959145266.000000000B08E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B08E000
|
| Size: |
8192
|
|
|
3E7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947363022.00000000003E7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E7000
|
| Size: |
36864
|
|
|
393A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3326578306.000000000393A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
393A000
|
| Size: |
4096
|
|
|
4A70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.954439932.0000000004A70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A70000
|
| Size: |
65536
|
|
|
2D1F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002D1F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D1F000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
49DB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.953757728.00000000049DB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49DB000
|
| Size: |
69632
|
|
|
5B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3317558574.00000000005B0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B0000
|
| Size: |
4096
|
|
|
F1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910506302.0000000000F1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F1F000
|
| Size: |
4096
|
|
|
EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321149797.0000000000EF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EF0000
|
| Size: |
65536
|
|
|
98E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909463751.000000000098E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98E000
|
| Size: |
8192
|
|
|
61FB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3329169148.00000000061FB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
61FB000
|
| Size: |
12288
|
|
|
CA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3318090063.0000000000CA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CA0000
|
| Size: |
8192
|
|
|
4AAD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913351664.0000000004AAD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4AAD000
|
| Size: |
12288
|
|
|
FED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910556063.0000000000FED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
FED000
|
| Size: |
69632
|
|
|
2C28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C28000
|
| Size: |
12288
|
|
|
4ED0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3327659955.0000000004ED0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED0000
|
| Size: |
4096
|
|
|
CF2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3318919425.0000000000CF2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CF2000
|
| Size: |
4096
|
|
|
62CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3329969161.00000000062CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
62CE000
|
| Size: |
8192
|
|
|
6B7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956940395.0000000006B7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B7E000
|
| Size: |
8192
|
|
|
CEA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3318856358.0000000000CEA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CEA000
|
| Size: |
8192
|
|
|
2E26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002E26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E26000
|
| Size: |
4096
|
|
|
6010000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3329093188.0000000006010000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6010000
|
| Size: |
53248
|
|
|
AF4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3319050287.0000000000AF4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AF4000
|
| Size: |
49152
|
|
|
23805069000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820759088.0000023805069000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23805069000
|
| Size: |
110592
|
|
|
AAB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3318795817.0000000000AAB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AAB000
|
| Size: |
4096
|
|
|
2AED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002AED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AED000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
4BCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3327652790.0000000004BCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BCE000
|
| Size: |
8192
|
|
|
A60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3318012046.0000000000A60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A60000
|
| Size: |
8192
|
|
|
6A31000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956732166.0000000006A31000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A31000
|
| Size: |
4096
|
|
|
5C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3328228078.0000000005C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C2E000
|
| Size: |
8192
|
|
|
4A10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.954138447.0000000004A10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A10000
|
| Size: |
4096
|
|
|
4A30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.954285552.0000000004A30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A30000
|
| Size: |
16384
|
|
|
237FFA41000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819860465.00000237FFA41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFA41000
|
| Size: |
106496
|
|
|
23800640000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2815757377.0000023800640000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23800640000
|
| Size: |
4096
|
|
|
A96000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3318529433.0000000000A96000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A96000
|
| Size: |
8192
|
|
|
EAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320534987.0000000000EAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EAB000
|
| Size: |
8192
|
|
|
2C3A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C3A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C3A000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5380000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328159148.0000000005380000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5380000
|
| Size: |
4096
|
|
|
EC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320534987.0000000000EC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EC6000
|
| Size: |
16384
|
|
|
B290000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915573135.000000000B290000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B290000
|
| Size: |
4096
|
|
|
2320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949898610.0000000002320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2320000
|
| Size: |
4096
|
|
|
CE6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3318813985.0000000000CE6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CE6000
|
| Size: |
8192
|
|
|
238050CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820872976.00000238050CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
238050CC000
|
| Size: |
36864
|
|
|
237FFA8C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820195954.00000237FFA8C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFA8C000
|
| Size: |
8192
|
|
|
23800015000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820573223.0000023800015000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23800015000
|
| Size: |
4096
|
|
|
601E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3329093188.000000000601E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
601E000
|
| Size: |
286720
|
|
|
5398000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328334636.0000000005398000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5398000
|
| Size: |
8192
|
|
|
720000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.922825633.0000000000720000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
720000
|
| Size: |
24576
|
|
|
2FDA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.887206977.0000000002FDA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FDA000
|
| Size: |
24576
|
|
|
238050F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820872976.00000238050F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
238050F7000
|
| Size: |
4096
|
|
|
236E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949921387.000000000236E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
236E000
|
| Size: |
8192
|
|
|
5A4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914035847.0000000005A4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A4E000
|
| Size: |
8192
|
|
|
2966000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002966000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2966000
|
| Size: |
4096
|
|
|
29FC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29FC000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
237FFA77000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819981968.00000237FFA77000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFA77000
|
| Size: |
4096
|
|
|
6EFB979000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819282569.0000006EFB979000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EFB979000
|
| Size: |
28672
|
|
|
237FFABA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820380153.00000237FFABA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFABA000
|
| Size: |
12288
|
|
|
4B00000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.955054499.0000000004B00000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B00000
|
| Size: |
65536
|
|
|
DDC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910262795.0000000000DDC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DDC000
|
| Size: |
16384
|
|
|
E4B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3319530184.0000000000E4B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E4B000
|
| Size: |
4096
|
|
|
CB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3318155445.0000000000CB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CB0000
|
| Size: |
8192
|
|
|
B40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909868364.0000000000B40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B40000
|
| Size: |
36864
|
|
|
23805041000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820640065.0000023805041000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23805041000
|
| Size: |
49152
|
|
|
A45000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3317878068.0000000000A45000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A45000
|
| Size: |
8192
|
|
|
6230000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3329684225.0000000006230000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6230000
|
| Size: |
4096
|
|
|
238050FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820976602.00000238050FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
238050FE000
|
| Size: |
4096
|
|
|
33E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.887760698.00000000033E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33E0000
|
| Size: |
20480
|
|
|
7D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3317561526.00000000007D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D0000
|
| Size: |
4096
|
|
|
4FB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.955804104.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FB0000
|
| Size: |
65536
|
|
|
4B43000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955211752.0000000004B43000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B43000
|
| Size: |
8192
|
|
|
23804E13000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1203873715.0000023804E13000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804E13000
|
| Size: |
69632
|
|
|
237FFAFE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820408141.00000237FFAFE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFAFE000
|
| Size: |
12288
|
|
|
2A4D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002A4D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A4D000
|
| Size: |
4096
|
|
|
50CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3327696365.00000000050CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50CE000
|
| Size: |
8192
|
|
|
238050F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820872976.00000238050F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
238050F1000
|
| Size: |
12288
|
|
|
787000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947836846.0000000000787000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
787000
|
| Size: |
53248
|
|
|
2577000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.950138699.0000000002577000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2577000
|
| Size: |
454656
|
|
|
2AA7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.911152780.0000000002AA7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AA7000
|
| Size: |
4235264
|
|
|
237FFAA2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820195954.00000237FFAA2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFAA2000
|
| Size: |
16384
|
|
|
54A000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3317488709.000000000054A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54A000
|
| Size: |
24576
|
|
|
2AFF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002AFF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AFF000
|
| Size: |
135168
|
|
|
4E40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955495216.0000000004E40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E40000
|
| Size: |
65536
|
|
|
2AC0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3321599886.0000000002AC0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2AC0000
|
| Size: |
4096
|
|
|
4A02000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.953757728.0000000004A02000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A02000
|
| Size: |
49152
|
|
|
6EFB77E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819210824.0000006EFB77E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EFB77E000
|
| Size: |
8192
|
|
|
237FFAAA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820319477.00000237FFAAA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFAAA000
|
| Size: |
8192
|
|
|
F10000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321250123.0000000000F10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F10000
|
| Size: |
16384
|
|
|
2C18000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C18000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C18000
|
| Size: |
4096
|
|
|
22C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949561788.00000000022C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
22C0000
|
| Size: |
8192
|
|
|
2B7C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002B7C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B7C000
|
| Size: |
16384
|
|
|
D9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320332459.0000000000D9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D9F000
|
| Size: |
4096
|
|
|
CB4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3318284085.0000000000CB4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CB4000
|
| Size: |
8192
|
|
|
2380510A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1256154703.000002380510A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2380510A000
|
| Size: |
4096
|
|
|
4D1B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955258240.0000000004D1B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D1B000
|
| Size: |
20480
|
|
|
29F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.00000000029F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29F8000
|
| Size: |
12288
|
|
|
23804DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1223966597.0000023804DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804DE0000
|
| Size: |
4096
|
|
|
2A50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320925739.0000000002A50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A50000
|
| Size: |
32768
|
|
|
2B99000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002B99000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B99000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
A96E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.958334671.000000000A96E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A96E000
|
| Size: |
8192
|
|
|
4F4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3327692759.0000000004F4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F4E000
|
| Size: |
8192
|
|
|
34F9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.952961077.00000000034F9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34F9000
|
| Size: |
4096
|
|
|
4FF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955883472.0000000004FF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FF0000
|
| Size: |
8192
|
|
|
2D0A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002D0A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D0A000
|
| Size: |
4096
|
|
|
D86000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3319388147.0000000000D86000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D86000
|
| Size: |
40960
|
|
|
22DD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.949640105.00000000022DD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
22DD000
|
| Size: |
4096
|
|
|
D7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910186845.0000000000D7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D7E000
|
| Size: |
8192
|
|
|
2E32000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002E32000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E32000
|
| Size: |
446464
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
238050E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820872976.00000238050E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
238050E4000
|
| Size: |
40960
|
|
|
57AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955990354.00000000057AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57AE000
|
| Size: |
8192
|
|
|
2932000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910835548.0000000002932000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2932000
|
| Size: |
57344
|
|
|
23804F80000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1205119661.0000023804F80000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
23804F80000
|
| Size: |
4096
|
|
|
34FF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.887792641.00000000034FF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
34FF000
|
| Size: |
4096
|
|
|
6240000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3329716326.0000000006240000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6240000
|
| Size: |
61440
|
|
|
237FF800000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819605259.00000237FF800000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FF800000
|
| Size: |
12288
|
|
|
C8B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320210154.0000000000C8B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C8B000
|
| Size: |
81920
|
|
|
AA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909524106.0000000000AA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AA0000
|
| Size: |
8192
|
|
|
238050C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820759088.00000238050C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
238050C5000
|
| Size: |
24576
|
|
|
6081000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3329093188.0000000006081000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6081000
|
| Size: |
16384
|
|
|
6EFC87E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.2819490447.0000006EFC87E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6EFC87E000
|
| Size: |
4096
|
|
|
23804E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2815603358.0000023804E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804E00000
|
| Size: |
4096
|
|
|
D3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910170884.0000000000D3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D3E000
|
| Size: |
8192
|
|
|
2AF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002AF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AF6000
|
| Size: |
4096
|
|
|
BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3317804077.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
16384
|
|
|
50B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3327964039.00000000050B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
50B0000
|
| Size: |
4096
|
|
|
50E3000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3327854704.00000000050E3000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
50E3000
|
| Size: |
4096
|
|
|
4A14000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.954138447.0000000004A14000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A14000
|
| Size: |
4096
|
|
|
5DD6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3328348011.0000000005DD6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5DD6000
|
| Size: |
73728
|
|
|
6EFBF7B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819332897.0000006EFBF7B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EFBF7B000
|
| Size: |
20480
|
|
|
24AB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949973219.00000000024AB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
24AB000
|
| Size: |
20480
|
|
|
BF5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3317804077.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF5000
|
| Size: |
12288
|
|
|
499E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3327329168.000000000499E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
499E000
|
| Size: |
8192
|
|
|
238050D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820872976.00000238050D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
238050D6000
|
| Size: |
53248
|
|
|
4DBF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955336420.0000000004DBF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DBF000
|
| Size: |
4096
|
|
|
23804F10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2815321282.0000023804F10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804F10000
|
| Size: |
4096
|
|
|
5A64000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914067074.0000000005A64000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A64000
|
| Size: |
8192
|
|
|
AB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909542249.0000000000AB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AB0000
|
| Size: |
8192
|
|
|
ACD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.909671100.0000000000ACD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
ACD000
|
| Size: |
4096
|
|
|
660000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947533430.0000000000660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
660000
|
| Size: |
16384
|
|
|
23800102000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2816704620.0000023800102000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23800102000
|
| Size: |
4096
|
|
|
28AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910717051.00000000028AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
28AE000
|
| Size: |
8192
|
|
|
B74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909868364.0000000000B74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B74000
|
| Size: |
40960
|
|
|
5A76000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914067074.0000000005A76000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A76000
|
| Size: |
8192
|
|
|
23805102000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2821055537.0000023805102000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23805102000
|
| Size: |
8192
|
|
|
29A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.911128198.00000000029A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A0000
|
| Size: |
4096
|
|
|
2ADD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002ADD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ADD000
|
| Size: |
8192
|
|
|
49F6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.953757728.00000000049F6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49F6000
|
| Size: |
16384
|
|
|
28B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910736080.00000000028B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28B0000
|
| Size: |
65536
|
|
|
22ED000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.949703500.00000000022ED000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
22ED000
|
| Size: |
4096
|
|
|
A76F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.957948233.000000000A76F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A76F000
|
| Size: |
4096
|
|
|
23800390000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2816527638.0000023800390000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23800390000
|
| Size: |
4096
|
|
|
ACEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.958820946.000000000ACEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ACEE000
|
| Size: |
8192
|
|
|
D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3319120885.0000000000D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D5E000
|
| Size: |
8192
|
|
|
6079000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3329093188.0000000006079000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6079000
|
| Size: |
16384
|
|
|
BD8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3319386328.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BD8000
|
| Size: |
466944
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
423000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3317198665.0000000000423000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
423000
|
| Size: |
4096
|
|
|
237FF820000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819632534.00000237FF820000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FF820000
|
| Size: |
4096
|
|
|
23800900000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2815064323.0000023800900000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23800900000
|
| Size: |
4096
|
|
|
ED2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320534987.0000000000ED2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
ED2000
|
| Size: |
49152
|
|
|
6F9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.957346904.0000000006F9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F9D000
|
| Size: |
12288
|
|
|
9C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909481473.00000000009C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9C0000
|
| Size: |
16384
|
|
|
4EC3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3327592633.0000000004EC3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EC3000
|
| Size: |
8192
|
|
|
22F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949743274.00000000022F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
22F2000
|
| Size: |
4096
|
|
|
5360000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913904239.0000000005360000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5360000
|
| Size: |
65536
|
|
|
6C7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956966373.0000000006C7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C7F000
|
| Size: |
4096
|
|
|
4CE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3327372649.0000000004CE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CE0000
|
| Size: |
4096
|
|
|
58A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909344225.000000000058A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
58A000
|
| Size: |
24576
|
|
|
76FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914995731.00000000076FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
76FE000
|
| Size: |
8192
|
|
|
A74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3318176240.0000000000A74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A74000
|
| Size: |
8192
|
|
|
23800D50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2814775133.0000023800D50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23800D50000
|
| Size: |
4096
|
|
|
2A7D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3320925739.0000000002A7D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A7D000
|
| Size: |
69632
|
|
|
4F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913417886.0000000004F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F40000
|
| Size: |
65536
|
|
|
44F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.953683906.00000000044F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44F8000
|
| Size: |
4096
|
|
|
7E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3317611012.00000000007E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E0000
|
| Size: |
8192
|
|
|
2300000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949812724.0000000002300000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2300000
|
| Size: |
4096
|
|
|
2BEA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002BEA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BEA000
|
| Size: |
458752
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2C10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C10000
|
| Size: |
4096
|
|
|
9DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.949461393.00000000009DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9DE000
|
| Size: |
8192
|
|
|
7A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947836846.00000000007A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
4096
|
|
|
3290000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.887622603.0000000003290000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3290000
|
| Size: |
4096
|
|
|
4AC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.954607973.0000000004AC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4AC0000
|
| Size: |
4096
|
|
|
24F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.950138699.00000000024F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
24F1000
|
| Size: |
507904
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4F50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.913459990.0000000004F50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F50000
|
| Size: |
8192
|
|
|
2996000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002996000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2996000
|
| Size: |
8192
|
|
|
238050FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2820976602.00000238050FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
238050FC000
|
| Size: |
4096
|
|
|
B4A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.909868364.0000000000B4A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B4A000
|
| Size: |
8192
|
|
|
2A9F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321465278.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A9F000
|
| Size: |
4096
|
|
|
B4CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915631541.000000000B4CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B4CD000
|
| Size: |
12288
|
|
|
8F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3317666382.00000000008F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8F7000
|
| Size: |
36864
|
|
|
294B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.000000000294B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
294B000
|
| Size: |
8192
|
|
|
23800100000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2817010775.0000023800100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23800100000
|
| Size: |
4096
|
|
|
22FA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.949793041.00000000022FA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
22FA000
|
| Size: |
4096
|
|
|
760000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947836846.0000000000760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
760000
|
| Size: |
28672
|
|
|
8B3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915020215.0000000008B3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8B3F000
|
| Size: |
4096
|
|
|
2983000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910993373.0000000002983000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2983000
|
| Size: |
8192
|
|
|
69B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.956732166.00000000069B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
69B0000
|
| Size: |
86016
|
|
|
DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910368530.0000000000DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DE0000
|
| Size: |
65536
|
|
|
E10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.910486160.0000000000E10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E10000
|
| Size: |
16384
|
|
|
2C55000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C55000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C55000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4E70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.955648009.0000000004E70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
65536
|
|
|
B87C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.915732982.000000000B87C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B87C000
|
| Size: |
16384
|
|
|
665000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.947595644.0000000000665000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
665000
|
| Size: |
4096
|
|
|
538E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328159148.000000000538E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
538E000
|
| Size: |
8192
|
|
|
D90000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.910243092.0000000000D90000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
D90000
|
| Size: |
4096
|
|
|
2570000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.950138699.0000000002570000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2570000
|
| Size: |
24576
|
|
|
39D9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.912315937.00000000039D9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39D9000
|
| Size: |
180224
|
|
|
6EFB37E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2819086722.0000006EFB37E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EFB37E000
|
| Size: |
8192
|
|
|
ACAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.958781395.000000000ACAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ACAE000
|
| Size: |
8192
|
|
|
73EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.914892082.00000000073EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
73EE000
|
| Size: |
8192
|
|
|
2C14000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3321635373.0000000002C14000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C14000
|
| Size: |
4096
|
|
|
ABAD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.958740174.000000000ABAD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ABAD000
|
| Size: |
12288
|
|
|
547E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3328050979.000000000547E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
547E000
|
| Size: |
8192
|
|
|
DBA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3319530184.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DBA000
|
| Size: |
8192
|
|
|
562E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3328637671.000000000562E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
562E000
|
| Size: |
8192
|
|
|
237FFB02000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2814825108.00000237FFB02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
237FFB02000
|
| Size: |
45056
|
|
|
ECD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3320534987.0000000000ECD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
ECD000
|
| Size: |
16384
|
|
|
67D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.922759941.000000000067D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
67D000
|
| Size: |
12288
|
|
|
6490000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3330457596.0000000006490000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6490000
|
| Size: |
32768
|
|
|
23804ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2805645041.0000023804ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
23804ED0000
|
| Size: |
4096
|
|
|
B2CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.959297165.000000000B2CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B2CF000
|
| Size: |
4096
|
|
|
2BE8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3321437750.0000000002BE8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BE8000
|
| Size: |
4096
|
|
|
3240000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.887292771.0000000003240000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3240000
|
| Size: |
4096
|
|
|
6F5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.957260573.0000000006F5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F5E000
|
| Size: |
8192
|
|
|
2F9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.886925000.0000000002F9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F9D000
|
| Size: |
12288
|
|
