|
2CA1000
|
trusted library allocation
|
page read and write
|
 |
|
|
| Name: |
00000008.00000002.2107934491.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CA1000
|
| Size: |
323584
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2A61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002A61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A61000
|
| Size: |
319488
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
41A8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.882828627.00000000041A8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
41A8000
|
| Size: |
831488
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
435000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.0000000000435000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
435000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3F19000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.916297343.0000000003F19000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F19000
|
| Size: |
831488
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
66D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2119835179.00000000066D0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
66D0000
|
| Size: |
8192
|
|
|
3AC8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003AC8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AC8000
|
| Size: |
8192
|
|
|
243A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.856972255.000000000243A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
243A000
|
| Size: |
24576
|
|
|
511B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114236052.000000000511B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
511B000
|
| Size: |
8192
|
|
|
6680000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2119355048.0000000006680000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6680000
|
| Size: |
65536
|
|
|
26FA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913548447.00000000026FA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26FA000
|
| Size: |
688128
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.838940327.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3F0000
|
| Size: |
4096
|
|
|
196BEBA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107881425.00000196BEBA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEBA0000
|
| Size: |
4096
|
|
|
6670000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2119108805.0000000006670000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6670000
|
| Size: |
4096
|
|
|
BC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913076955.0000000000BC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
BC0000
|
| Size: |
65536
|
|
|
B60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880672241.0000000000B60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B60000
|
| Size: |
65536
|
|
|
290E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108089958.000000000290E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
290E000
|
| Size: |
8192
|
|
|
3E53000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003E53000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E53000
|
| Size: |
4096
|
|
|
649E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2118645474.000000000649E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
649E000
|
| Size: |
8192
|
|
|
2A98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107623066.0000000002A98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A98000
|
| Size: |
4096
|
|
|
730000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911549532.0000000000730000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
730000
|
| Size: |
8192
|
|
|
ACAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.921874065.000000000ACAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ACAE000
|
| Size: |
8192
|
|
|
4A68000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114166479.0000000004A68000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A68000
|
| Size: |
4096
|
|
|
C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2105649389.0000000000C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C4E000
|
| Size: |
8192
|
|
|
2D49000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002D49000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D49000
|
| Size: |
4096
|
|
|
2F33000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002F33000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F33000
|
| Size: |
122880
|
|
|
B3FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.922103055.000000000B3FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3FE000
|
| Size: |
8192
|
|
|
952277E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2106014086.000000952277E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
952277E000
|
| Size: |
4096
|
|
|
2C16000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002C16000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C16000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2C50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002C50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C50000
|
| Size: |
94208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.0000000000402000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
402000
|
| Size: |
4096
|
|
|
B1CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885919355.000000000B1CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B1CD000
|
| Size: |
12288
|
|
|
196BEC10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107938138.00000196BEC10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEC10000
|
| Size: |
4096
|
|
|
9522879000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106075327.0000009522879000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9522879000
|
| Size: |
28672
|
|
|
2CFD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002CFD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CFD000
|
| Size: |
40960
|
|
|
3D0C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D0C000
|
| Size: |
4096
|
|
|
F7C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2106640068.0000000000F7C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F7C000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
25B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.857065352.00000000025B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25B0000
|
| Size: |
20480
|
|
|
2A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107374134.0000000002A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A20000
|
| Size: |
4096
|
|
|
2CE8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002CE8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CE8000
|
| Size: |
4096
|
|
|
2B0C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002B0C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B0C000
|
| Size: |
4096
|
|
|
511E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114236052.000000000511E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
511E000
|
| Size: |
12288
|
|
|
3BF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BF6000
|
| Size: |
12288
|
|
|
6840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2121145678.0000000006840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6840000
|
| Size: |
4096
|
|
|
3F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F80000
|
| Size: |
8192
|
|
|
D85000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2105605847.0000000000D85000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D85000
|
| Size: |
12288
|
|
|
4F70000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.883496828.0000000004F70000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4F70000
|
| Size: |
4096
|
|
|
4BCA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917682566.0000000004BCA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BCA000
|
| Size: |
24576
|
|
|
5020000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883595554.0000000005020000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
4FE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2115148148.0000000004FE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FE4000
|
| Size: |
4096
|
|
|
538E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883868373.000000000538E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
538E000
|
| Size: |
8192
|
|
|
6BE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.884342284.0000000006BE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6BE0000
|
| Size: |
77824
|
|
|
621B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2117408282.000000000621B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
621B000
|
| Size: |
4096
|
|
|
2D55000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002D55000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D55000
|
| Size: |
4096
|
|
|
2D1F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002D1F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D1F000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
95223FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2105718383.00000095223FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
95223FE000
|
| Size: |
8192
|
|
|
4F80000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114311806.0000000004F80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F80000
|
| Size: |
4096
|
|
|
3CEC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003CEC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CEC000
|
| Size: |
4096
|
|
|
51D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918639531.00000000051D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51D4000
|
| Size: |
45056
|
|
|
2F54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002F54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F54000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
2A22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107407442.0000000002A22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A22000
|
| Size: |
4096
|
|
|
2B47000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002B47000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B47000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4F0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918108415.0000000004F0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F0E000
|
| Size: |
8192
|
|
|
D80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2105605847.0000000000D80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D80000
|
| Size: |
16384
|
|
|
9521B7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2104879413.0000009521B7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9521B7E000
|
| Size: |
4096
|
|
|
EC6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2105799825.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EC6000
|
| Size: |
483328
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
6238000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2117408282.0000000006238000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6238000
|
| Size: |
221184
|
|
|
50E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114096546.00000000050E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
50E0000
|
| Size: |
4096
|
|
|
431000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.0000000000431000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
431000
|
| Size: |
12288
|
|
|
66B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2118696371.00000000066B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
66B0000
|
| Size: |
65536
|
|
|
27A5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913548447.00000000027A5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27A5000
|
| Size: |
65536
|
|
|
43C000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.000000000043C000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43C000
|
| Size: |
4096
|
|
|
67C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2120562508.00000000067C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67C0000
|
| Size: |
4096
|
|
|
AB70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.921586656.000000000AB70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AB70000
|
| Size: |
270336
|
|
|
DAA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2106439767.0000000000DAA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DAA000
|
| Size: |
8192
|
|
|
AAB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.880419791.0000000000AAB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AAB000
|
| Size: |
4096
|
|
|
196BF04C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108437701.00000196BF04C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF04C000
|
| Size: |
28672
|
|
|
4FBA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114341775.0000000004FBA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FBA000
|
| Size: |
4096
|
|
|
6680000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2118175958.0000000006680000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6680000
|
| Size: |
32768
|
|
|
42D000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.000000000042D000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42D000
|
| Size: |
4096
|
|
|
A96000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.880341183.0000000000A96000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A96000
|
| Size: |
8192
|
|
|
AA7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.880403058.0000000000AA7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AA7000
|
| Size: |
4096
|
|
|
27A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913548447.00000000027A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27A3000
|
| Size: |
4096
|
|
|
9522B7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2106238755.0000009522B7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9522B7E000
|
| Size: |
4096
|
|
|
196B9A2B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106672938.00000196B9A2B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9A2B000
|
| Size: |
94208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
5EEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2116299729.0000000005EEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EEE000
|
| Size: |
8192
|
|
|
196BA11A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1275600234.00000196BA11A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BA11A000
|
| Size: |
4096
|
|
|
5122000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114236052.0000000005122000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5122000
|
| Size: |
28672
|
|
|
196B9A73000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106752343.00000196B9A73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9A73000
|
| Size: |
4096
|
|
|
6770000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2120367413.0000000006770000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6770000
|
| Size: |
65536
|
|
|
F01000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106800014.0000000000F01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F01000
|
| Size: |
8192
|
|
|
42A000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.000000000042A000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42A000
|
| Size: |
4096
|
|
|
4B0E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917182360.0000000004B0E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B0E000
|
| Size: |
8192
|
|
|
66C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2118868464.00000000066C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
66C0000
|
| Size: |
65536
|
|
|
9522E7B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106372092.0000009522E7B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9522E7B000
|
| Size: |
20480
|
|
|
90A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.911913705.000000000090A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
90A000
|
| Size: |
4096
|
|
|
DFB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913430377.0000000000DFB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DFB000
|
| Size: |
20480
|
|
|
2778000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881296085.0000000002778000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2778000
|
| Size: |
4096
|
|
|
B60E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.886037011.000000000B60E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B60E000
|
| Size: |
8192
|
|
|
8FD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.911823692.00000000008FD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8FD000
|
| Size: |
4096
|
|
|
1030000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2106823571.0000000001030000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1030000
|
| Size: |
16384
|
|
|
3C86000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003C86000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C86000
|
| Size: |
12288
|
|
|
5160000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114988632.0000000005160000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5160000
|
| Size: |
65536
|
|
|
2F61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002F61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F61000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
4FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114341775.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FA0000
|
| Size: |
20480
|
|
|
952197E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2104746672.000000952197E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
952197E000
|
| Size: |
4096
|
|
|
A8D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.880285431.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A8D000
|
| Size: |
4096
|
|
|
622B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2116549185.000000000622B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
622B000
|
| Size: |
258048
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3D73000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003D73000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D73000
|
| Size: |
16384
|
|
|
5260000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.883757503.0000000005260000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
5260000
|
| Size: |
61440
|
|
|
196BF08C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108553008.00000196BF08C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF08C000
|
| Size: |
196608
|
|
|
4F4E000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.918212854.0000000004F4E000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
4F4E000
|
| Size: |
4096
|
|
|
BBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913046092.0000000000BBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BBE000
|
| Size: |
8192
|
|
|
2DAA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002DAA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DAA000
|
| Size: |
4096
|
|
|
DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106316816.0000000000DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DA0000
|
| Size: |
4096
|
|
|
B80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880749465.0000000000B80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B80000
|
| Size: |
36864
|
|
|
3B26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003B26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B26000
|
| Size: |
8192
|
|
|
25AE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.857030949.00000000025AE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
25AE000
|
| Size: |
8192
|
|
|
6B50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.920270123.0000000006B50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B50000
|
| Size: |
77824
|
|
|
3D3E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003D3E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D3E000
|
| Size: |
12288
|
|
|
F4A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2105799825.0000000000F4A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F4A000
|
| Size: |
8192
|
|
|
C3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880749465.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C3E000
|
| Size: |
266240
|
|
|
F35000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2107624235.0000000000F35000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F35000
|
| Size: |
16384
|
|
|
47AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917153729.00000000047AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47AC000
|
| Size: |
16384
|
|
|
D37000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2105468539.0000000000D37000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D37000
|
| Size: |
36864
|
|
|
952177E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2104567295.000000952177E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
952177E000
|
| Size: |
4096
|
|
|
1060000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2107966283.0000000001060000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1060000
|
| Size: |
16384
|
|
|
DA6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2106390488.0000000000DA6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DA6000
|
| Size: |
8192
|
|
|
196BEE20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1207622788.00000196BEE20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEE20000
|
| Size: |
8192
|
|
|
3C70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003C70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C70000
|
| Size: |
4096
|
|
|
196B9A22000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106597014.00000196B9A22000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9A22000
|
| Size: |
32768
|
|
|
2876000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881348110.0000000002876000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2876000
|
| Size: |
16384
|
|
|
4FB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114341775.0000000004FB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FB2000
|
| Size: |
28672
|
|
|
5000000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883550969.0000000005000000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5000000
|
| Size: |
65536
|
|
|
95221FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2105472724.00000095221FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
95221FE000
|
| Size: |
8192
|
|
|
2FF3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002FF3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FF3000
|
| Size: |
12288
|
|
|
5950000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918724743.0000000005950000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5950000
|
| Size: |
110592
|
|
|
95234FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106427169.00000095234FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
95234FE000
|
| Size: |
8192
|
|
|
ABCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885390969.000000000ABCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ABCE000
|
| Size: |
8192
|
|
|
196B9810000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106474957.00000196B9810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9810000
|
| Size: |
12288
|
|
|
4B22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917182360.0000000004B22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B22000
|
| Size: |
49152
|
|
|
28CA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.890591630.00000000028CA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
28CA000
|
| Size: |
24576
|
|
|
67F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2120083566.00000000067F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67F5000
|
| Size: |
45056
|
|
|
666A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2118902421.000000000666A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
666A000
|
| Size: |
24576
|
|
|
2871000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881348110.0000000002871000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2871000
|
| Size: |
16384
|
|
|
442000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.0000000000442000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
442000
|
| Size: |
4096
|
|
|
E77000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106800014.0000000000E77000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E77000
|
| Size: |
503808
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
E20000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106708686.0000000000E20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E20000
|
| Size: |
4096
|
|
|
6790000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2119655269.0000000006790000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6790000
|
| Size: |
65536
|
|
|
2EB6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002EB6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EB6000
|
| Size: |
270336
|
|
|
6750000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2120128384.0000000006750000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6750000
|
| Size: |
4096
|
|
|
64FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2117712276.00000000064FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
64FE000
|
| Size: |
8192
|
|
|
9DF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.912021017.00000000009DF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9DF000
|
| Size: |
8192
|
|
|
B70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880701718.0000000000B70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B70000
|
| Size: |
16384
|
|
|
2D6F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002D6F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D6F000
|
| Size: |
8192
|
|
|
409000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.0000000000409000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
409000
|
| Size: |
20480
|
|
|
3D67000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003D67000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D67000
|
| Size: |
8192
|
|
|
196B9A79000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106752343.00000196B9A79000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9A79000
|
| Size: |
4096
|
|
|
1050000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2107875610.0000000001050000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1050000
|
| Size: |
65536
|
|
|
284C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881318228.000000000284C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
284C000
|
| Size: |
16384
|
|
|
2DA7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002DA7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DA7000
|
| Size: |
8192
|
|
|
8F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911781184.00000000008F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8F0000
|
| Size: |
8192
|
|
|
AE0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.880520810.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AE0000
|
| Size: |
65536
|
|
|
4AF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917182360.0000000004AF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4AF0000
|
| Size: |
12288
|
|
|
6D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.920643641.0000000006D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D1E000
|
| Size: |
8192
|
|
|
2E29000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002E29000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E29000
|
| Size: |
4096
|
|
|
196BEE10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108012455.00000196BEE10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEE10000
|
| Size: |
4096
|
|
|
3ACB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003ACB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3ACB000
|
| Size: |
4096
|
|
|
3AF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003AF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AF1000
|
| Size: |
4096
|
|
|
9521A7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2104812912.0000009521A7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9521A7C000
|
| Size: |
16384
|
|
|
2A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107558436.0000000002A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A40000
|
| Size: |
4096
|
|
|
5131000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114236052.0000000005131000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5131000
|
| Size: |
16384
|
|
|
8E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911739672.00000000008E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8E4000
|
| Size: |
4096
|
|
|
3D92000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003D92000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D92000
|
| Size: |
20480
|
|
|
2A25000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2107441939.0000000002A25000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2A25000
|
| Size: |
4096
|
|
|
26B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913548447.00000000026B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26B1000
|
| Size: |
286720
|
|
|
2A00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107121554.0000000002A00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A00000
|
| Size: |
28672
|
|
|
631D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2118439569.000000000631D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
631D000
|
| Size: |
12288
|
|
|
3D01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003D01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
16384
|
|
|
6F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911495341.00000000006F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F7000
|
| Size: |
36864
|
|
|
36B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.916297343.00000000036B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36B9000
|
| Size: |
4096
|
|
|
3FB4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003FB4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB4000
|
| Size: |
16384
|
|
|
FCA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881248245.0000000000FCA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FCA000
|
| Size: |
20480
|
|
|
42B000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.000000000042B000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42B000
|
| Size: |
4096
|
|
|
B00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880593951.0000000000B00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B00000
|
| Size: |
65536
|
|
|
3D5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003D5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D5E000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
513D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114236052.000000000513D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
513D000
|
| Size: |
69632
|
|
|
67B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2120456599.00000000067B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67B4000
|
| Size: |
36864
|
|
|
6219000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2117408282.0000000006219000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6219000
|
| Size: |
4096
|
|
|
407000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.0000000000407000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
407000
|
| Size: |
4096
|
|
|
42E000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.000000000042E000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42E000
|
| Size: |
4096
|
|
|
5B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.879758660.00000000005B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B0000
|
| Size: |
8192
|
|
|
D70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2105537914.0000000000D70000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D70000
|
| Size: |
4096
|
|
|
196BA7F0000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2107679739.00000196BA7F0000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
196BA7F0000
|
| Size: |
65536
|
|
|
67E7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2120772189.00000000067E7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67E7000
|
| Size: |
36864
|
|
|
71CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.884822060.00000000071CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
71CD000
|
| Size: |
12288
|
|
|
2C18000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002C18000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C18000
|
| Size: |
4096
|
|
|
597A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918724743.000000000597A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
597A000
|
| Size: |
20480
|
|
|
6678000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2119108805.0000000006678000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6678000
|
| Size: |
16384
|
|
|
D83000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2106015441.0000000000D83000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
D83000
|
| Size: |
4096
|
|
|
900000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911841391.0000000000900000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
900000
|
| Size: |
4096
|
|
|
196B9A13000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106597014.00000196B9A13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9A13000
|
| Size: |
57344
|
|
|
2ADB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ADB000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
61E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2117408282.00000000061E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61E0000
|
| Size: |
229376
|
|
|
A74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880200864.0000000000A74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A74000
|
| Size: |
4096
|
|
|
974000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.912021017.0000000000974000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
974000
|
| Size: |
32768
|
|
|
36B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.916297343.00000000036B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36B1000
|
| Size: |
28672
|
|
|
D80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2105953551.0000000000D80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D80000
|
| Size: |
8192
|
|
|
2E58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002E58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E58000
|
| Size: |
4096
|
|
|
9521FFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2105331395.0000009521FFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9521FFE000
|
| Size: |
8192
|
|
|
F33000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2107624235.0000000000F33000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F33000
|
| Size: |
4096
|
|
|
5A2A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.884102017.0000000005A2A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A2A000
|
| Size: |
65536
|
|
|
5150000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114794481.0000000005150000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5150000
|
| Size: |
4096
|
|
|
4A3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883384569.0000000004A3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A3C000
|
| Size: |
16384
|
|
|
2F21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002F21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F21000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
2BE1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BE1000
|
| Size: |
8192
|
|
|
2AB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2DAC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002DAC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DAC000
|
| Size: |
4096
|
|
|
2BBB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.890981401.0000000002BBB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BBB000
|
| Size: |
102400
|
|
|
2B6C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B6C000
|
| Size: |
434176
|
|
|
667E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2118078679.000000000667E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
667E000
|
| Size: |
8192
|
|
|
2D88000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002D88000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D88000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3CA1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003CA1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CA1000
|
| Size: |
36864
|
|
|
2850000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881348110.0000000002850000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2850000
|
| Size: |
32768
|
|
|
6710000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2119316102.0000000006710000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6710000
|
| Size: |
65536
|
|
|
403000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.0000000000403000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
403000
|
| Size: |
16384
|
|
|
BA7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880749465.0000000000BA7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA7000
|
| Size: |
53248
|
|
|
2E52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002E52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E52000
|
| Size: |
8192
|
|
|
196BA800000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2107710883.00000196BA800000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
196BA800000
|
| Size: |
65536
|
|
|
4DB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918074340.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DB0000
|
| Size: |
4096
|
|
|
582E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2116238827.000000000582E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
582E000
|
| Size: |
8192
|
|
|
4FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883517532.0000000004FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FF0000
|
| Size: |
65536
|
|
|
D80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881173020.0000000000D80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D80000
|
| Size: |
65536
|
|
|
51C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.918538203.00000000051C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51C0000
|
| Size: |
49152
|
|
|
6800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2120968221.0000000006800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6800000
|
| Size: |
32768
|
|
|
2910000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2108158423.0000000002910000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2910000
|
| Size: |
4096
|
|
|
43F000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.000000000043F000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43F000
|
| Size: |
4096
|
|
|
5080000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883639144.0000000005080000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
5080000
|
| Size: |
69632
|
|
|
B2CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885944015.000000000B2CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B2CE000
|
| Size: |
8192
|
|
|
D90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881192704.0000000000D90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D90000
|
| Size: |
16384
|
|
|
196BA000000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107253470.00000196BA000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BA000000
|
| Size: |
4096
|
|
|
73C46000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.886166639.0000000073C46000.00000002.00000001.01000000.0000000C.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
73C46000
|
| Size: |
28672
|
|
|
B75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880701718.0000000000B75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B75000
|
| Size: |
45056
|
|
|
E6A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106800014.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E6A000
|
| Size: |
16384
|
|
|
2DB1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DB1000
|
| Size: |
12288
|
|
|
B30C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885962607.000000000B30C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B30C000
|
| Size: |
16384
|
|
|
D84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106076955.0000000000D84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D84000
|
| Size: |
8192
|
|
|
196B9AFD000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107087948.00000196B9AFD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9AFD000
|
| Size: |
16384
|
|
|
952157E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2104343257.000000952157E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
952157E000
|
| Size: |
4096
|
|
|
66B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2119659221.00000000066B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
66B0000
|
| Size: |
4096
|
|
|
2CF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CF1000
|
| Size: |
122880
|
|
|
8E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911692787.00000000008E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8E0000
|
| Size: |
8192
|
|
|
ACD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885466592.000000000ACD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ACD0000
|
| Size: |
4096
|
|
|
67A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2119782219.00000000067A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
67A0000
|
| Size: |
65536
|
|
|
3941000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.882828627.0000000003941000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3941000
|
| Size: |
28672
|
|
|
28D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.881668888.00000000028D0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
28D0000
|
| Size: |
65536
|
|
|
50CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2116009536.00000000050CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50CD000
|
| Size: |
12288
|
|
|
3CC9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003CC9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CC9000
|
| Size: |
180224
|
|
|
196B9B13000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107149949.00000196B9B13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9B13000
|
| Size: |
24576
|
|
|
7B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911596442.00000000007B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B0000
|
| Size: |
16384
|
|
|
A7CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.921288291.000000000A7CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A7CE000
|
| Size: |
8192
|
|
|
73C4F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.886271088.0000000073C4F000.00000002.00000001.01000000.0000000C.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
73C4F000
|
| Size: |
12288
|
|
|
3B2F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003B2F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B2F000
|
| Size: |
16384
|
|
|
A20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.879985144.0000000000A20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A20000
|
| Size: |
4096
|
|
|
4FBE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114341775.0000000004FBE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FBE000
|
| Size: |
4096
|
|
|
AE2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885491405.000000000AE2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AE2E000
|
| Size: |
8192
|
|
|
2D13000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002D13000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D13000
|
| Size: |
4096
|
|
|
710E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.884694935.000000000710E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
710E000
|
| Size: |
8192
|
|
|
196BA7D0000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2107579482.00000196BA7D0000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
196BA7D0000
|
| Size: |
65536
|
|
|
4DAB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918046498.0000000004DAB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DAB000
|
| Size: |
20480
|
|
|
2C1A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002C1A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C1A000
|
| Size: |
4096
|
|
|
2DA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002DA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DA2000
|
| Size: |
12288
|
|
|
6BF4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.884342284.0000000006BF4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6BF4000
|
| Size: |
4096
|
|
|
B50E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.886009582.000000000B50E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B50E000
|
| Size: |
8192
|
|
|
2EAD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002EAD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EAD000
|
| Size: |
28672
|
|
|
410000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.0000000000410000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
410000
|
| Size: |
65536
|
|
|
29E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2106926834.00000000029E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29E0000
|
| Size: |
8192
|
|
|
3D0A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003D0A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D0A000
|
| Size: |
4096
|
|
|
2A0D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2107186460.0000000002A0D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2A0D000
|
| Size: |
4096
|
|
|
2B18000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002B18000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B18000
|
| Size: |
4096
|
|
|
196BA810000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2107755904.00000196BA810000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
196BA810000
|
| Size: |
65536
|
|
|
3D14000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003D14000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D14000
|
| Size: |
4096
|
|
|
66AD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2118559452.00000000066AD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
66AD000
|
| Size: |
12288
|
|
|
2C20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002C20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C20000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
196BAB61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107797571.00000196BAB61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BAB61000
|
| Size: |
4096
|
|
|
BC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880749465.0000000000BC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BC0000
|
| Size: |
4096
|
|
|
635E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2118507013.000000000635E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
635E000
|
| Size: |
8192
|
|
|
AA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880384440.0000000000AA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AA2000
|
| Size: |
4096
|
|
|
4BB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917616034.0000000004BB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BB2000
|
| Size: |
57344
|
|
|
A90E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.921456782.000000000A90E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A90E000
|
| Size: |
8192
|
|
|
428000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.0000000000428000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
428000
|
| Size: |
4096
|
|
|
2CDF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CDF000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
8ED000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.911762023.00000000008ED000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8ED000
|
| Size: |
4096
|
|
|
2D59000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002D59000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D59000
|
| Size: |
4096
|
|
|
653E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2117802695.000000000653E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
653E000
|
| Size: |
8192
|
|
|
2FF7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FF7000
|
| Size: |
376832
|
|
|
6218000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2116549185.0000000006218000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6218000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2F11000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002F11000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F11000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
2D25000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002D25000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D25000
|
| Size: |
229376
|
|
|
3F2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.838955544.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3F2000
|
| Size: |
753664
|
|
|
657E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2117891925.000000000657E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
657E000
|
| Size: |
8192
|
|
|
4B3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114197066.0000000004B3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B3C000
|
| Size: |
16384
|
|
|
61DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2117340919.00000000061DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
61DE000
|
| Size: |
8192
|
|
|
3B1D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003B1D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B1D000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6720000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2119438374.0000000006720000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6720000
|
| Size: |
65536
|
|
|
6E1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.920671617.0000000006E1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6E1F000
|
| Size: |
4096
|
|
|
4CC8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917908270.0000000004CC8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CC8000
|
| Size: |
24576
|
|
|
3D5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003D5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D5E000
|
| Size: |
4096
|
|
|
714F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.920754255.000000000714F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
714F000
|
| Size: |
4096
|
|
|
196BF100000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2109048862.00000196BF100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF100000
|
| Size: |
4096
|
|
|
3DC4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003DC4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DC4000
|
| Size: |
4096
|
|
|
6CD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2120736656.0000000006CD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6CD0000
|
| Size: |
8192
|
|
|
6221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2116549185.0000000006221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6221000
|
| Size: |
8192
|
|
|
A9CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885345877.000000000A9CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A9CE000
|
| Size: |
8192
|
|
|
60DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2117232251.00000000060DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60DE000
|
| Size: |
8192
|
|
|
2C68000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002C68000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C68000
|
| Size: |
319488
|
|
|
2A37000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881827881.0000000002A37000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A37000
|
| Size: |
57344
|
|
|
BE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913229313.0000000000BE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BE0000
|
| Size: |
4096
|
|
|
113E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2106881063.000000000113E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
113E000
|
| Size: |
8192
|
|
|
298A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881827881.000000000298A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
298A000
|
| Size: |
704512
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2FAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002FAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FAB000
|
| Size: |
8192
|
|
|
2640000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.857612695.0000000002640000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2640000
|
| Size: |
32768
|
|
|
4F40000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.918212854.0000000004F40000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
4F40000
|
| Size: |
4096
|
|
|
2B3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.890964461.0000000002B3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B3F000
|
| Size: |
4096
|
|
|
4CE3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917990954.0000000004CE3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CE3000
|
| Size: |
8192
|
|
|
DB5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2106519772.0000000000DB5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DB5000
|
| Size: |
4096
|
|
|
AD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880494893.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AD0000
|
| Size: |
4096
|
|
|
73C4D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.922161160.0000000073C4D000.00000004.00000001.01000000.0000000C.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
73C4D000
|
| Size: |
8192
|
|
|
55DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2116388937.00000000055DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55DE000
|
| Size: |
8192
|
|
|
5270000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883789569.0000000005270000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5270000
|
| Size: |
4096
|
|
|
50F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2116109052.00000000050F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
50F0000
|
| Size: |
4096
|
|
|
2AD7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002AD7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AD7000
|
| Size: |
4096
|
|
|
196BEF30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108189681.00000196BEF30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEF30000
|
| Size: |
4096
|
|
|
196B9B02000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107087948.00000196B9B02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9B02000
|
| Size: |
40960
|
|
|
C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2105714822.0000000000C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C50000
|
| Size: |
8192
|
|
|
5110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114236052.0000000005110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5110000
|
| Size: |
20480
|
|
|
952207E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2105412955.000000952207E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
952207E000
|
| Size: |
4096
|
|
|
B8A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880749465.0000000000B8A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B8A000
|
| Size: |
8192
|
|
|
2B08000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002B08000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B08000
|
| Size: |
4096
|
|
|
196BA100000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107334146.00000196BA100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BA100000
|
| Size: |
4096
|
|
|
196BEE30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108068381.00000196BEE30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEE30000
|
| Size: |
4096
|
|
|
6CF0000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.884431978.0000000006CF0000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
6CF0000
|
| Size: |
557056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
952227E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2105535746.000000952227E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
952227E000
|
| Size: |
4096
|
|
|
2EA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002EA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EA2000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3FD3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003FD3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FD3000
|
| Size: |
20480
|
|
|
196BAB90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107829354.00000196BAB90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BAB90000
|
| Size: |
4096
|
|
|
196BF10A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2109121564.00000196BF10A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF10A000
|
| Size: |
4096
|
|
|
3B64000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003B64000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B64000
|
| Size: |
12288
|
|
|
714E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.884733736.000000000714E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
714E000
|
| Size: |
8192
|
|
|
196BEF50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1207463043.00000196BEF50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEF50000
|
| Size: |
8192
|
|
|
E75000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106800014.0000000000E75000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E75000
|
| Size: |
4096
|
|
|
A60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.879998490.0000000000A60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A60000
|
| Size: |
8192
|
|
|
B2BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.922058400.000000000B2BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B2BF000
|
| Size: |
4096
|
|
|
59A9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918871327.00000000059A9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
59A9000
|
| Size: |
77824
|
|
|
ADEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.921927333.000000000ADEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ADEE000
|
| Size: |
8192
|
|
|
2600000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.857166100.0000000002600000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2600000
|
| Size: |
4096
|
|
|
196B9A94000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106854897.00000196B9A94000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9A94000
|
| Size: |
45056
|
|
|
27BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.858156216.00000000027BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
27BF000
|
| Size: |
4096
|
|
|
59E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883967243.00000000059E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
59E0000
|
| Size: |
57344
|
|
|
67E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2120772189.00000000067E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67E0000
|
| Size: |
8192
|
|
|
3AE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003AE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AE0000
|
| Size: |
16384
|
|
|
2E90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002E90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E90000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2AFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.890940676.0000000002AFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2AFE000
|
| Size: |
8192
|
|
|
196BA11A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1271366603.00000196BA11A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BA11A000
|
| Size: |
4096
|
|
|
196BA7C0000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2107534504.00000196BA7C0000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
196BA7C0000
|
| Size: |
65536
|
|
|
51D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918639531.00000000051D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51D0000
|
| Size: |
8192
|
|
|
28FA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881734885.00000000028FA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28FA000
|
| Size: |
24576
|
|
|
5AF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.884282136.0000000005AF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF0000
|
| Size: |
65536
|
|
|
2D7B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D7B000
|
| Size: |
8192
|
|
|
C39000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2105393338.0000000000C39000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C39000
|
| Size: |
28672
|
|
|
AB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880448235.0000000000AB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AB0000
|
| Size: |
16384
|
|
|
562D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2115863401.000000000562D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
562D000
|
| Size: |
12288
|
|
|
196BEEC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108093188.00000196BEEC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEEC0000
|
| Size: |
4096
|
|
|
1040000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2107802161.0000000001040000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1040000
|
| Size: |
65536
|
|
|
C05000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913288548.0000000000C05000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C05000
|
| Size: |
45056
|
|
|
66F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2119162062.00000000066F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
66F0000
|
| Size: |
65536
|
|
|
4FCD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114341775.0000000004FCD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FCD000
|
| Size: |
16384
|
|
|
4FE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2115148148.0000000004FE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FE6000
|
| Size: |
40960
|
|
|
9521477000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2104272843.0000009521477000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9521477000
|
| Size: |
36864
|
|
|
288D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.890535800.000000000288D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
288D000
|
| Size: |
12288
|
|
|
DBB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2106593737.0000000000DBB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DBB000
|
| Size: |
4096
|
|
|
2D61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002D61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D61000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2FEC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FEC000
|
| Size: |
4096
|
|
|
2CCF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002CCF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CCF000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
AF4D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885621689.000000000AF4D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AF4D000
|
| Size: |
12288
|
|
|
9521EFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2105206601.0000009521EFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9521EFE000
|
| Size: |
8192
|
|
|
42C000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.000000000042C000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42C000
|
| Size: |
4096
|
|
|
196BF0F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108978546.00000196BF0F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF0F5000
|
| Size: |
20480
|
|
|
1AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.856949066.00000000001AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1AD000
|
| Size: |
12288
|
|
|
67B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2119886935.00000000067B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67B6000
|
| Size: |
4096
|
|
|
2E21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002E21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E21000
|
| Size: |
8192
|
|
|
196BEF90000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1213762820.00000196BEF90000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEF90000
|
| Size: |
4096
|
|
|
952257E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2105854571.000000952257E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
952257E000
|
| Size: |
8192
|
|
|
196BEE49000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1207520567.00000196BEE49000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEE49000
|
| Size: |
28672
|
|
|
C90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2105772660.0000000000C90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C90000
|
| Size: |
8192
|
|
|
2930000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.890711190.0000000002930000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2930000
|
| Size: |
4096
|
|
|
667D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2119108805.000000000667D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
667D000
|
| Size: |
12288
|
|
|
2BE5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002BE5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BE5000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
196BA301000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107414195.00000196BA301000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BA301000
|
| Size: |
4096
|
|
|
50F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2116109052.00000000050F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
50F3000
|
| Size: |
8192
|
|
|
952267E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2105915733.000000952267E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
952267E000
|
| Size: |
4096
|
|
|
8F3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911803760.00000000008F3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8F3000
|
| Size: |
12288
|
|
|
F46000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2105799825.0000000000F46000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F46000
|
| Size: |
4096
|
|
|
4CC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917908270.0000000004CC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CC0000
|
| Size: |
28672
|
|
|
3ED9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.916297343.0000000003ED9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3ED9000
|
| Size: |
176128
|
|
|
B400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.922123446.000000000B400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B400000
|
| Size: |
4096
|
|
|
60EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2116370178.00000000060EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60EE000
|
| Size: |
8192
|
|
|
5100000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114140218.0000000005100000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5100000
|
| Size: |
65536
|
|
|
196BEF90000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1213748316.00000196BEF90000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEF90000
|
| Size: |
4096
|
|
|
6DDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.884638541.0000000006DDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6DDE000
|
| Size: |
8192
|
|
|
9E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.912021017.00000000009E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9E8000
|
| Size: |
24576
|
|
|
2490000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.857000745.0000000002490000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2490000
|
| Size: |
4096
|
|
|
B60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.912960867.0000000000B60000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
B60000
|
| Size: |
65536
|
|
|
196BF0C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108553008.00000196BF0C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF0C0000
|
| Size: |
12288
|
|
|
51A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.918461512.00000000051A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51A0000
|
| Size: |
65536
|
|
|
D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913384209.0000000000D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D1E000
|
| Size: |
8192
|
|
|
5A0A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883967243.0000000005A0A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A0A000
|
| Size: |
8192
|
|
|
196BEEC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1209537460.00000196BEEC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEEC0000
|
| Size: |
4096
|
|
|
3DA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003DA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DA2000
|
| Size: |
8192
|
|
|
4F30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918135843.0000000004F30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F30000
|
| Size: |
65536
|
|
|
6700000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2119256812.0000000006700000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6700000
|
| Size: |
8192
|
|
|
4E73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883433645.0000000004E73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E73000
|
| Size: |
8192
|
|
|
DA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106356733.0000000000DA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DA2000
|
| Size: |
4096
|
|
|
66E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2119887978.00000000066E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
66E0000
|
| Size: |
65536
|
|
|
443000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.0000000000443000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
443000
|
| Size: |
4096
|
|
|
28E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881692516.00000000028E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28E0000
|
| Size: |
4096
|
|
|
196B9A8F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106854897.00000196B9A8F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9A8F000
|
| Size: |
8192
|
|
|
61F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2116549185.00000000061F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61F0000
|
| Size: |
159744
|
|
|
2ABD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002ABD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ABD000
|
| Size: |
36864
|
|
|
A9A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.880365225.0000000000A9A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A9A000
|
| Size: |
4096
|
|
|
420000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.0000000000420000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
420000
|
| Size: |
32768
|
|
|
2A27000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2107487165.0000000002A27000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2A27000
|
| Size: |
4096
|
|
|
5250000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883723489.0000000005250000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5250000
|
| Size: |
65536
|
|
|
DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106631726.0000000000DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DD0000
|
| Size: |
4096
|
|
|
3A89000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003A89000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A89000
|
| Size: |
176128
|
|
|
2D4D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002D4D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D4D000
|
| Size: |
4096
|
|
|
6800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2120252910.0000000006800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6800000
|
| Size: |
40960
|
|
|
6696000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2118294532.0000000006696000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6696000
|
| Size: |
8192
|
|
|
6EDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.884660573.0000000006EDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EDF000
|
| Size: |
4096
|
|
|
3F55000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003F55000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F55000
|
| Size: |
4096
|
|
|
77D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911571537.000000000077D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
77D000
|
| Size: |
12288
|
|
|
5978000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918724743.0000000005978000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5978000
|
| Size: |
4096
|
|
|
196B9AA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106854897.00000196B9AA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9AA0000
|
| Size: |
81920
|
|
|
912000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911937452.0000000000912000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
912000
|
| Size: |
4096
|
|
|
2FEE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002FEE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FEE000
|
| Size: |
4096
|
|
|
3B36000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003B36000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B36000
|
| Size: |
4096
|
|
|
2CED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002CED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CED000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
73C4D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.886214892.0000000073C4D000.00000004.00000001.01000000.0000000C.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
73C4D000
|
| Size: |
8192
|
|
|
66A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2118559452.00000000066A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
66A0000
|
| Size: |
49152
|
|
|
A92000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880319125.0000000000A92000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A92000
|
| Size: |
4096
|
|
|
AF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880561138.0000000000AF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AF0000
|
| Size: |
65536
|
|
|
2DB5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002DB5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DB5000
|
| Size: |
376832
|
|
|
4C3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114266812.0000000004C3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C3E000
|
| Size: |
8192
|
|
|
6226000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2117408282.0000000006226000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6226000
|
| Size: |
12288
|
|
|
8E3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.911715703.00000000008E3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8E3000
|
| Size: |
4096
|
|
|
D28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913405204.0000000000D28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D28000
|
| Size: |
4096
|
|
|
4C90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.917800743.0000000004C90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C90000
|
| Size: |
65536
|
|
|
EC3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2105799825.0000000000EC3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EC3000
|
| Size: |
4096
|
|
|
C10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913356011.0000000000C10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C10000
|
| Size: |
16384
|
|
|
196BF0FB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108978546.00000196BF0FB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF0FB000
|
| Size: |
12288
|
|
|
9521D7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2105012333.0000009521D7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9521D7E000
|
| Size: |
4096
|
|
|
196BA015000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107312132.00000196BA015000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BA015000
|
| Size: |
4096
|
|
|
6817000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2120310826.0000000006817000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6817000
|
| Size: |
36864
|
|
|
6666000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2118902421.0000000006666000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6666000
|
| Size: |
8192
|
|
|
2D5D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D5D000
|
| Size: |
4096
|
|
|
196BEF20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108154485.00000196BEF20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEF20000
|
| Size: |
4096
|
|
|
196B9910000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106525931.00000196B9910000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9910000
|
| Size: |
4096
|
|
|
AE80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885536425.000000000AE80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AE80000
|
| Size: |
4096
|
|
|
3D77000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003D77000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D77000
|
| Size: |
4096
|
|
|
565E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2116557517.000000000565E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
565E000
|
| Size: |
8192
|
|
|
2D12000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002D12000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D12000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
B3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.912908046.0000000000B3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3E000
|
| Size: |
8192
|
|
|
54DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2116295519.00000000054DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54DE000
|
| Size: |
8192
|
|
|
E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106670374.0000000000E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E1E000
|
| Size: |
8192
|
|
|
94E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.912021017.000000000094E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
94E000
|
| Size: |
151552
|
|
|
B10000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.880622825.0000000000B10000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
B10000
|
| Size: |
4096
|
|
|
4B16000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917182360.0000000004B16000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B16000
|
| Size: |
16384
|
|
|
3D47000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003D47000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D47000
|
| Size: |
16384
|
|
|
59F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883967243.00000000059F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
59F0000
|
| Size: |
12288
|
|
|
196BEDF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1284230221.00000196BEDF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEDF1000
|
| Size: |
4096
|
|
|
196B9A5B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106752343.00000196B9A5B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9A5B000
|
| Size: |
65536
|
|
|
2E25000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002E25000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E25000
|
| Size: |
4096
|
|
|
5180000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918309989.0000000005180000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5180000
|
| Size: |
57344
|
|
|
3F42000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003F42000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F42000
|
| Size: |
16384
|
|
|
7B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911596442.00000000007B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B5000
|
| Size: |
12288
|
|
|
2A8F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.890868838.0000000002A8F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2A8F000
|
| Size: |
4096
|
|
|
287D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881348110.000000000287D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
287D000
|
| Size: |
69632
|
|
|
57EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2116140315.00000000057EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57EE000
|
| Size: |
8192
|
|
|
F9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881227289.0000000000F9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F9F000
|
| Size: |
4096
|
|
|
2BB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.890981401.0000000002BB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BB0000
|
| Size: |
32768
|
|
|
9522D7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2106323204.0000009522D7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9522D7E000
|
| Size: |
4096
|
|
|
EAE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2105799825.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EAE000
|
| Size: |
45056
|
|
|
655E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2118701308.000000000655E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
655E000
|
| Size: |
8192
|
|
|
3BE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BE0000
|
| Size: |
4096
|
|
|
2F5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002F5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F5A000
|
| Size: |
16384
|
|
|
5170000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2115074865.0000000005170000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5170000
|
| Size: |
4096
|
|
|
3F9F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003F9F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F9F000
|
| Size: |
4096
|
|
|
2920000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.881790445.0000000002920000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2920000
|
| Size: |
65536
|
|
|
3EC7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003EC7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3EC7000
|
| Size: |
12288
|
|
|
2B04000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002B04000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B04000
|
| Size: |
4096
|
|
|
6820000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2120459607.0000000006820000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6820000
|
| Size: |
40960
|
|
|
3D42000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003D42000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D42000
|
| Size: |
12288
|
|
|
6B64000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.920270123.0000000006B64000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B64000
|
| Size: |
4096
|
|
|
67E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2119983744.00000000067E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67E4000
|
| Size: |
36864
|
|
|
196BA113000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107392279.00000196BA113000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BA113000
|
| Size: |
28672
|
|
|
3F2D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003F2D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F2D000
|
| Size: |
4096
|
|
|
A73000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.880184154.0000000000A73000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A73000
|
| Size: |
4096
|
|
|
95226FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2105956828.00000095226FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
95226FE000
|
| Size: |
8192
|
|
|
952237E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2105659975.000000952237E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
952237E000
|
| Size: |
4096
|
|
|
B04E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885783877.000000000B04E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B04E000
|
| Size: |
8192
|
|
|
EBA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2105799825.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EBA000
|
| Size: |
8192
|
|
|
2E34000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002E34000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E34000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
B1BD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.922030665.000000000B1BD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B1BD000
|
| Size: |
12288
|
|
|
4CCF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917908270.0000000004CCF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CCF000
|
| Size: |
4096
|
|
|
3B06000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003B06000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B06000
|
| Size: |
16384
|
|
|
930000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.912001123.0000000000930000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
930000
|
| Size: |
4096
|
|
|
561E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2116485645.000000000561E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
561E000
|
| Size: |
8192
|
|
|
4FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2115148148.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FE0000
|
| Size: |
4096
|
|
|
4FA6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114341775.0000000004FA6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FA6000
|
| Size: |
8192
|
|
|
2BF4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002BF4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BF4000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5F9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2117069182.0000000005F9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F9D000
|
| Size: |
12288
|
|
|
A80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880245726.0000000000A80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A80000
|
| Size: |
8192
|
|
|
D90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106190929.0000000000D90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D90000
|
| Size: |
45056
|
|
|
444000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.0000000000444000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
444000
|
| Size: |
4096
|
|
|
632D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2117400181.000000000632D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
632D000
|
| Size: |
12288
|
|
|
D7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881153131.0000000000D7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D7E000
|
| Size: |
8192
|
|
|
2AD3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AD3000
|
| Size: |
4096
|
|
|
2B6C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107668150.0000000002B6C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B6C000
|
| Size: |
16384
|
|
|
196BF02B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108350124.00000196BF02B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF02B000
|
| Size: |
65536
|
|
|
29F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2106957247.00000000029F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29F0000
|
| Size: |
8192
|
|
|
67F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2120083566.00000000067F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67F0000
|
| Size: |
4096
|
|
|
FC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881248245.0000000000FC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FC0000
|
| Size: |
32768
|
|
|
5420000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883930703.0000000005420000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5420000
|
| Size: |
65536
|
|
|
6694000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2118294532.0000000006694000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6694000
|
| Size: |
4096
|
|
|
196BF0D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108829845.00000196BF0D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF0D0000
|
| Size: |
20480
|
|
|
2AB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.890915755.0000000002AB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
24576
|
|
|
196BF0D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108829845.00000196BF0D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF0D6000
|
| Size: |
86016
|
|
|
196BEC00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107918075.00000196BEC00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEC00000
|
| Size: |
4096
|
|
|
29F3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2107004685.00000000029F3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
29F3000
|
| Size: |
4096
|
|
|
29FD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2107089516.00000000029FD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
29FD000
|
| Size: |
4096
|
|
|
2CD5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002CD5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CD5000
|
| Size: |
4096
|
|
|
2C25000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002C25000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C25000
|
| Size: |
172032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
43D000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.000000000043D000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43D000
|
| Size: |
4096
|
|
|
BF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913247757.0000000000BF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
65536
|
|
|
2AC8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002AC8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AC8000
|
| Size: |
16384
|
|
|
BD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913134545.0000000000BD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
BD6000
|
| Size: |
40960
|
|
|
3949000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.882828627.0000000003949000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3949000
|
| Size: |
4096
|
|
|
B17C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.922004395.000000000B17C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B17C000
|
| Size: |
16384
|
|
|
97F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.912021017.000000000097F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
97F000
|
| Size: |
4096
|
|
|
91B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.911980513.000000000091B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
91B000
|
| Size: |
4096
|
|
|
5283000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2115281510.0000000005283000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5283000
|
| Size: |
8192
|
|
|
BB5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880749465.0000000000BB5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BB5000
|
| Size: |
32768
|
|
|
27B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913548447.00000000027B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27B6000
|
| Size: |
4173824
|
|
|
59BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918871327.00000000059BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
59BD000
|
| Size: |
200704
|
|
|
64BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2117640789.00000000064BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
64BE000
|
| Size: |
8192
|
|
|
2FE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FE4000
|
| Size: |
12288
|
|
|
981000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.912021017.0000000000981000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
981000
|
| Size: |
368640
|
|
|
196BA002000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107253470.00000196BA002000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BA002000
|
| Size: |
4096
|
|
|
EF5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106800014.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EF5000
|
| Size: |
8192
|
|
|
2B1C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002B1C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B1C000
|
| Size: |
4096
|
|
|
720000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911525735.0000000000720000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
720000
|
| Size: |
4096
|
|
|
3EB1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3EB1000
|
| Size: |
4096
|
|
|
5285000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883812746.0000000005285000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5285000
|
| Size: |
40960
|
|
|
4B60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917494360.0000000004B60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B60000
|
| Size: |
65536
|
|
|
E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913457563.0000000000E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E00000
|
| Size: |
32768
|
|
|
FCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2106732042.0000000000FCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FCE000
|
| Size: |
8192
|
|
|
B5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880651311.0000000000B5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B5E000
|
| Size: |
8192
|
|
|
3BA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911466765.00000000003BA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BA000
|
| Size: |
24576
|
|
|
196BA650000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107470170.00000196BA650000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BA650000
|
| Size: |
4096
|
|
|
2D09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002D09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D09000
|
| Size: |
12288
|
|
|
C00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2105578712.0000000000C00000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C00000
|
| Size: |
4096
|
|
|
2FBD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002FBD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FBD000
|
| Size: |
8192
|
|
|
6870000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2120695157.0000000006870000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6870000
|
| Size: |
4096
|
|
|
952297E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2106128108.000000952297E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
952297E000
|
| Size: |
4096
|
|
|
56A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2116712050.00000000056A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56A0000
|
| Size: |
53248
|
|
|
5116000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114236052.0000000005116000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5116000
|
| Size: |
8192
|
|
|
A7D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.880217426.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A7D000
|
| Size: |
4096
|
|
|
196BEE34000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1207762654.00000196BEE34000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEE34000
|
| Size: |
4096
|
|
|
4C80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917746535.0000000004C80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C80000
|
| Size: |
65536
|
|
|
4B1D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917182360.0000000004B1D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B1D000
|
| Size: |
16384
|
|
|
E98000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2105799825.0000000000E98000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E98000
|
| Size: |
86016
|
|
|
196B9FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107190766.00000196B9FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196B9FA0000
|
| Size: |
4096
|
|
|
2BE9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002BE9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BE9000
|
| Size: |
4096
|
|
|
952167E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2104491082.000000952167E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
952167E000
|
| Size: |
8192
|
|
|
A8CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.921419436.000000000A8CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A8CE000
|
| Size: |
8192
|
|
|
524D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883702098.000000000524D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
524D000
|
| Size: |
12288
|
|
|
BC2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880749465.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BC2000
|
| Size: |
380928
|
|
|
264B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.857612695.000000000264B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
264B000
|
| Size: |
98304
|
|
|
4BC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917682566.0000000004BC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BC0000
|
| Size: |
36864
|
|
|
AE90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885584527.000000000AE90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AE90000
|
| Size: |
4096
|
|
|
CA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2105830294.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CA5000
|
| Size: |
16384
|
|
|
2A4E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.890846021.0000000002A4E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2A4E000
|
| Size: |
8192
|
|
|
2800000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.858174082.0000000002800000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2800000
|
| Size: |
16384
|
|
|
2F2A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002F2A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F2A000
|
| Size: |
4096
|
|
|
2D51000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002D51000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D51000
|
| Size: |
4096
|
|
|
2D72000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002D72000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D72000
|
| Size: |
4096
|
|
|
596C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918724743.000000000596C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
596C000
|
| Size: |
8192
|
|
|
2D18000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002D18000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D18000
|
| Size: |
16384
|
|
|
40E000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.000000000040E000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
40E000
|
| Size: |
4096
|
|
|
621F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2116549185.000000000621F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
621F000
|
| Size: |
4096
|
|
|
5154000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114794481.0000000005154000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5154000
|
| Size: |
49152
|
|
|
6690000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2119442383.0000000006690000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6690000
|
| Size: |
4096
|
|
|
507D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2115809422.000000000507D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
507D000
|
| Size: |
12288
|
|
|
665E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2118753376.000000000665E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
665E000
|
| Size: |
8192
|
|
|
4AFB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917182360.0000000004AFB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4AFB000
|
| Size: |
69632
|
|
|
6CE0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.884397942.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6CE0000
|
| Size: |
65536
|
|
|
4FC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114341775.0000000004FC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FC6000
|
| Size: |
16384
|
|
|
196BEDF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1228222200.00000196BEDF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEDF0000
|
| Size: |
4096
|
|
|
4FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2115394306.0000000004FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FF0000
|
| Size: |
65536
|
|
|
2B80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2107769936.0000000002B80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2B80000
|
| Size: |
65536
|
|
|
196B9B29000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107170367.00000196B9B29000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9B29000
|
| Size: |
4096
|
|
|
4CE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917990954.0000000004CE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CE0000
|
| Size: |
4096
|
|
|
6C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2121187257.0000000006C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C50000
|
| Size: |
8192
|
|
|
2D45000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002D45000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D45000
|
| Size: |
4096
|
|
|
9520E9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2104140353.0000009520E9B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9520E9B000
|
| Size: |
20480
|
|
|
5136000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114236052.0000000005136000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5136000
|
| Size: |
16384
|
|
|
2A90000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.890884429.0000000002A90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
4096
|
|
|
A0D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.912021017.0000000000A0D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A0D000
|
| Size: |
204800
|
|
|
EF9000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106800014.0000000000EF9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EF9000
|
| Size: |
4096
|
|
|
2D41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002D41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D41000
|
| Size: |
4096
|
|
|
B40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.912938035.0000000000B40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B40000
|
| Size: |
4096
|
|
|
430000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.0000000000430000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
430000
|
| Size: |
4096
|
|
|
AACF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885369210.000000000AACF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AACF000
|
| Size: |
4096
|
|
|
2B20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002B20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B20000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
53A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.879684357.000000000053A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
53A000
|
| Size: |
24576
|
|
|
A90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880302170.0000000000A90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A90000
|
| Size: |
4096
|
|
|
51A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2116260045.00000000051A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51A0000
|
| Size: |
4096
|
|
|
440000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.0000000000440000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
440000
|
| Size: |
4096
|
|
|
2F2F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002F2F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F2F000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
446000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.0000000000446000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
446000
|
| Size: |
4096
|
|
|
2FC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002FC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FC2000
|
| Size: |
98304
|
|
|
429000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.0000000000429000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
429000
|
| Size: |
4096
|
|
|
A70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880161133.0000000000A70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A70000
|
| Size: |
8192
|
|
|
66C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2119719847.00000000066C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
66C0000
|
| Size: |
65536
|
|
|
2941000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881827881.0000000002941000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2941000
|
| Size: |
286720
|
|
|
196B9A7B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106854897.00000196B9A7B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9A7B000
|
| Size: |
4096
|
|
|
42F000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.000000000042F000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42F000
|
| Size: |
4096
|
|
|
9522C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106281121.0000009522C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9522C7E000
|
| Size: |
8192
|
|
|
5280000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883812746.0000000005280000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5280000
|
| Size: |
12288
|
|
|
5A60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.919201875.0000000005A60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A60000
|
| Size: |
65536
|
|
|
5E5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2116844339.0000000005E5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E5F000
|
| Size: |
4096
|
|
|
9521C7B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2104947231.0000009521C7B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9521C7B000
|
| Size: |
20480
|
|
|
B8E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880749465.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B8E000
|
| Size: |
98304
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
ACCD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885411377.000000000ACCD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ACCD000
|
| Size: |
12288
|
|
|
CA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2105830294.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CA0000
|
| Size: |
16384
|
|
|
6830000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2120546180.0000000006830000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6830000
|
| Size: |
32768
|
|
|
6760000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2120277196.0000000006760000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6760000
|
| Size: |
65536
|
|
|
196BF064000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108553008.00000196BF064000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF064000
|
| Size: |
151552
|
|
|
6756000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2120128384.0000000006756000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6756000
|
| Size: |
4096
|
|
|
285B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881348110.000000000285B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
285B000
|
| Size: |
69632
|
|
|
9522F7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2106393656.0000009522F7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9522F7E000
|
| Size: |
4096
|
|
|
196BF0BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108553008.00000196BF0BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF0BE000
|
| Size: |
4096
|
|
|
196BEF40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108231551.00000196BEF40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEF40000
|
| Size: |
4096
|
|
|
E48000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106800014.0000000000E48000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E48000
|
| Size: |
135168
|
|
|
5FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.879925363.00000000005FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5FE000
|
| Size: |
8192
|
|
|
73C30000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.886069406.0000000073C30000.00000002.00000001.01000000.0000000C.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
73C30000
|
| Size: |
4096
|
|
|
3D32000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003D32000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D32000
|
| Size: |
4096
|
|
|
2DAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002DAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DAB000
|
| Size: |
442368
|
|
|
2B10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002B10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B10000
|
| Size: |
4096
|
|
|
94A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.912021017.000000000094A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
94A000
|
| Size: |
8192
|
|
|
5410000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883895199.0000000005410000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5410000
|
| Size: |
65536
|
|
|
AA4D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.921527554.000000000AA4D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AA4D000
|
| Size: |
12288
|
|
|
F3A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2107624235.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F3A000
|
| Size: |
20480
|
|
|
196B9A43000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106707300.00000196B9A43000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9A43000
|
| Size: |
94208
|
|
|
55EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2115738083.00000000055EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55EF000
|
| Size: |
4096
|
|
|
5D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2116797164.0000000005D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D5E000
|
| Size: |
8192
|
|
|
4B90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917546915.0000000004B90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B90000
|
| Size: |
4096
|
|
|
2E66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002E66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E66000
|
| Size: |
167936
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
408000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.0000000000408000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
408000
|
| Size: |
4096
|
|
|
899000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2105432935.0000000000899000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
899000
|
| Size: |
28672
|
|
|
67D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2120711687.00000000067D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67D0000
|
| Size: |
40960
|
|
|
196BF03F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108350124.00000196BF03F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF03F000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2FE9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002FE9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FE9000
|
| Size: |
8192
|
|
|
2E27000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002E27000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E27000
|
| Size: |
4096
|
|
|
26AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913524682.00000000026AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
26AE000
|
| Size: |
8192
|
|
|
A83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880265761.0000000000A83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A83000
|
| Size: |
28672
|
|
|
196BA7E0000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2107624917.00000196BA7E0000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
196BA7E0000
|
| Size: |
65536
|
|
|
997000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2105507906.0000000000997000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
997000
|
| Size: |
36864
|
|
|
5AE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.884282136.0000000005AE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AE0000
|
| Size: |
4096
|
|
|
66E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2119082989.00000000066E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
66E0000
|
| Size: |
65536
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
196B9830000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106503109.00000196B9830000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9830000
|
| Size: |
4096
|
|
|
196B9A00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106554848.00000196B9A00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9A00000
|
| Size: |
73728
|
|
|
2A2B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2107518265.0000000002A2B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2A2B000
|
| Size: |
4096
|
|
|
669A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2118294532.000000000669A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
669A000
|
| Size: |
24576
|
|
|
4FC1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114341775.0000000004FC1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FC1000
|
| Size: |
16384
|
|
|
C00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913288548.0000000000C00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C00000
|
| Size: |
16384
|
|
|
6D90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.884599110.0000000006D90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6D90000
|
| Size: |
53248
|
|
|
2B90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107845533.0000000002B90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B90000
|
| Size: |
4096
|
|
|
2F67000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002F67000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F67000
|
| Size: |
229376
|
|
|
E0A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913457563.0000000000E0A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E0A000
|
| Size: |
20480
|
|
|
66F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2119988443.00000000066F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
66F0000
|
| Size: |
65536
|
|
|
4D60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918027096.0000000004D60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D60000
|
| Size: |
8192
|
|
|
2890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881617314.0000000002890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2890000
|
| Size: |
65536
|
|
|
609D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2117154530.000000000609D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
609D000
|
| Size: |
12288
|
|
|
5A08000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883967243.0000000005A08000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A08000
|
| Size: |
4096
|
|
|
6664000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2118902421.0000000006664000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6664000
|
| Size: |
4096
|
|
|
2C12000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002C12000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C12000
|
| Size: |
8192
|
|
|
9521DFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2105078224.0000009521DFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9521DFE000
|
| Size: |
8192
|
|
|
AB5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.880448235.0000000000AB5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AB5000
|
| Size: |
12288
|
|
|
59F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883967243.00000000059F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
59F4000
|
| Size: |
8192
|
|
|
9521F7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2105272010.0000009521F7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9521F7E000
|
| Size: |
4096
|
|
|
3E37000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003E37000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E37000
|
| Size: |
12288
|
|
|
8D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911667238.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8D0000
|
| Size: |
8192
|
|
|
196BED10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107969136.00000196BED10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BED10000
|
| Size: |
4096
|
|
|
518F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918309989.000000000518F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
518F000
|
| Size: |
4096
|
|
|
2B00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002B00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B00000
|
| Size: |
4096
|
|
|
5270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2115136584.0000000005270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5270000
|
| Size: |
49152
|
|
|
3C3E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003C3E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C3E000
|
| Size: |
20480
|
|
|
512E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114236052.000000000512E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
512E000
|
| Size: |
4096
|
|
|
4BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917616034.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BB0000
|
| Size: |
4096
|
|
|
2D17000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002D17000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D17000
|
| Size: |
4096
|
|
|
196BEDF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1207520567.00000196BEDF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEDF0000
|
| Size: |
360448
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
196BEE20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108034918.00000196BEE20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEE20000
|
| Size: |
4096
|
|
|
196BF057000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108437701.00000196BF057000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF057000
|
| Size: |
12288
|
|
|
2B6A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002B6A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B6A000
|
| Size: |
4096
|
|
|
401B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.000000000401B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
401B000
|
| Size: |
12288
|
|
|
AB4D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.921557999.000000000AB4D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AB4D000
|
| Size: |
12288
|
|
|
4169000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.882828627.0000000004169000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4169000
|
| Size: |
180224
|
|
|
4FAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114341775.0000000004FAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FAE000
|
| Size: |
12288
|
|
|
2BEF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002BEF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BEF000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
576D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2116032831.000000000576D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
576D000
|
| Size: |
12288
|
|
|
9522A7B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106180960.0000009522A7B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9522A7B000
|
| Size: |
20480
|
|
|
2FB4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002FB4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FB4000
|
| Size: |
4096
|
|
|
2F0C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002F0C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F0C000
|
| Size: |
4096
|
|
|
66D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2118968285.00000000066D0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
66D0000
|
| Size: |
65536
|
|
|
2A8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107591810.0000000002A8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A8E000
|
| Size: |
8192
|
|
|
B07C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.921975901.000000000B07C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B07C000
|
| Size: |
16384
|
|
|
196BF10C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1280473303.00000196BF10C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF10C000
|
| Size: |
4096
|
|
|
61EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2116435490.00000000061EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
61EF000
|
| Size: |
4096
|
|
|
718E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.884757845.000000000718E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
718E000
|
| Size: |
8192
|
|
|
E90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2105799825.0000000000E90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E90000
|
| Size: |
28672
|
|
|
2E2F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002E2F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E2F000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2D80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002D80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D80000
|
| Size: |
98304
|
|
|
9521E7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2105143718.0000009521E7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9521E7E000
|
| Size: |
4096
|
|
|
28E2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881692516.00000000028E2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28E2000
|
| Size: |
57344
|
|
|
196BEE30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1207762654.00000196BEE30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEE30000
|
| Size: |
4096
|
|
|
675A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2120128384.000000000675A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
675A000
|
| Size: |
4096
|
|
|
196B9AB7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106854897.00000196B9AB7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9AB7000
|
| Size: |
16384
|
|
|
2A1A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2107327684.0000000002A1A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2A1A000
|
| Size: |
8192
|
|
|
3A61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003A61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A61000
|
| Size: |
36864
|
|
|
2D69000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002D69000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D69000
|
| Size: |
8192
|
|
|
BD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913134545.0000000000BD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
BD0000
|
| Size: |
4096
|
|
|
2D1B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002D1B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D1B000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
25FF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.857128943.00000000025FF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
25FF000
|
| Size: |
4096
|
|
|
4D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114044761.0000000004D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D9E000
|
| Size: |
8192
|
|
|
196BA102000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107334146.00000196BA102000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BA102000
|
| Size: |
32768
|
|
|
73C31000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.886112053.0000000073C31000.00000020.00000001.01000000.0000000C.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
73C31000
|
| Size: |
86016
|
|
|
569D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2116639804.000000000569D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
569D000
|
| Size: |
12288
|
|
|
D8D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2106148465.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
D8D000
|
| Size: |
4096
|
|
|
4B11000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917182360.0000000004B11000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B11000
|
| Size: |
16384
|
|
|
704E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.920700246.000000000704E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
704E000
|
| Size: |
8192
|
|
|
2930000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881811999.0000000002930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2930000
|
| Size: |
4096
|
|
|
AE6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885517350.000000000AE6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AE6E000
|
| Size: |
8192
|
|
|
3F83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003F83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F83000
|
| Size: |
12288
|
|
|
B70000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.913018059.0000000000B70000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
B70000
|
| Size: |
4096
|
|
|
2C9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107879271.0000000002C9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C9E000
|
| Size: |
8192
|
|
|
95222FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2105602775.00000095222FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
95222FE000
|
| Size: |
8192
|
|
|
8F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.879946640.00000000008F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8F7000
|
| Size: |
36864
|
|
|
952357E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2106447526.000000952357E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
952357E000
|
| Size: |
4096
|
|
|
66A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2119527840.00000000066A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
66A0000
|
| Size: |
65536
|
|
|
67C5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2120562508.00000000067C5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67C5000
|
| Size: |
45056
|
|
|
196BF05D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108437701.00000196BF05D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF05D000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
196B9A8B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106854897.00000196B9A8B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9A8B000
|
| Size: |
4096
|
|
|
906000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.911886104.0000000000906000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
906000
|
| Size: |
8192
|
|
|
28C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881648923.00000000028C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28C0000
|
| Size: |
4096
|
|
|
196BF0C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108829845.00000196BF0C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF0C4000
|
| Size: |
40960
|
|
|
B2FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.922077958.000000000B2FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B2FE000
|
| Size: |
8192
|
|
|
3DDA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003DDA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DDA000
|
| Size: |
12288
|
|
|
2910000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881769464.0000000002910000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2910000
|
| Size: |
65536
|
|
|
5A50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.919201875.0000000005A50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A50000
|
| Size: |
4096
|
|
|
196BEF40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1207605252.00000196BEF40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEF40000
|
| Size: |
4096
|
|
|
43E000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.000000000043E000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43E000
|
| Size: |
4096
|
|
|
4CB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917854765.0000000004CB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CB0000
|
| Size: |
65536
|
|
|
3E21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003E21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E21000
|
| Size: |
4096
|
|
|
1010000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2106778642.0000000001010000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1010000
|
| Size: |
16384
|
|
|
196BF102000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2109048862.00000196BF102000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF102000
|
| Size: |
12288
|
|
|
E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881210090.0000000000E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E9E000
|
| Size: |
8192
|
|
|
67F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2120083566.00000000067F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67F2000
|
| Size: |
8192
|
|
|
2A10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107222059.0000000002A10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A10000
|
| Size: |
4096
|
|
|
277E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.857916697.000000000277E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
277E000
|
| Size: |
8192
|
|
|
5A3B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.884102017.0000000005A3B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A3B000
|
| Size: |
425984
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
63BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2117549214.00000000063BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
63BE000
|
| Size: |
8192
|
|
|
3E7F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003E7F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E7F000
|
| Size: |
20480
|
|
|
2CCA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002CCA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CCA000
|
| Size: |
4096
|
|
|
28F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881734885.00000000028F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28F0000
|
| Size: |
36864
|
|
|
54A0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2115440332.00000000054A0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
54A0000
|
| Size: |
4096
|
|
|
4F50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918257945.0000000004F50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F50000
|
| Size: |
4096
|
|
|
67F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2120898968.00000000067F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67F0000
|
| Size: |
40960
|
|
|
4005000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000004005000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4005000
|
| Size: |
4096
|
|
|
196B9A8D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2106854897.00000196B9A8D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196B9A8D000
|
| Size: |
4096
|
|
|
6780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2119528886.0000000006780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6780000
|
| Size: |
45056
|
|
|
636E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2117494803.000000000636E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
636E000
|
| Size: |
8192
|
|
|
DB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106487697.0000000000DB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DB2000
|
| Size: |
4096
|
|
|
AA0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.921494148.000000000AA0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AA0E000
|
| Size: |
8192
|
|
|
E40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106800014.0000000000E40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E40000
|
| Size: |
24576
|
|
|
54ED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2115544431.00000000054ED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54ED000
|
| Size: |
12288
|
|
|
196C0000000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2109153440.00000196C0000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196C0000000
|
| Size: |
4096
|
|
|
A0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.879968467.0000000000A0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A0E000
|
| Size: |
8192
|
|
|
622F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2117408282.000000000622F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
622F000
|
| Size: |
32768
|
|
|
4E6B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883408571.0000000004E6B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E6B000
|
| Size: |
20480
|
|
|
902000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911863249.0000000000902000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
902000
|
| Size: |
4096
|
|
|
50FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918279190.00000000050FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50FD000
|
| Size: |
12288
|
|
|
2F17000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002F17000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F17000
|
| Size: |
4096
|
|
|
3B60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003B60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B60000
|
| Size: |
12288
|
|
|
6840000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2120607751.0000000006840000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6840000
|
| Size: |
45056
|
|
|
40F000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.000000000040F000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
40F000
|
| Size: |
4096
|
|
|
5190000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918390655.0000000005190000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5190000
|
| Size: |
65536
|
|
|
5080000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2115921748.0000000005080000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5080000
|
| Size: |
4096
|
|
|
D9D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2106274662.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
D9D000
|
| Size: |
4096
|
|
|
2D50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.891039873.0000000002D50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D50000
|
| Size: |
16384
|
|
|
196BEB90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107849952.00000196BEB90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEB90000
|
| Size: |
4096
|
|
|
441000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2104173204.0000000000441000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
441000
|
| Size: |
4096
|
|
|
9DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.912021017.00000000009DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9DD000
|
| Size: |
4096
|
|
|
2B14000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2108200144.0000000002B14000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B14000
|
| Size: |
4096
|
|
|
196BEF90000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1213728628.00000196BEF90000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEF90000
|
| Size: |
4096
|
|
|
4E70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883433645.0000000004E70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
4096
|
|
|
50A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883678306.00000000050A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
50A0000
|
| Size: |
8192
|
|
|
E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2105756424.0000000000E60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E60000
|
| Size: |
8192
|
|
|
5A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.879736121.00000000005A0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A0000
|
| Size: |
4096
|
|
|
6810000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2121068723.0000000006810000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6810000
|
| Size: |
45056
|
|
|
2CF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CF1000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
BD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.913134545.0000000000BD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
BD4000
|
| Size: |
4096
|
|
|
4BA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.917565143.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
65536
|
|
|
952247E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.2105798014.000000952247E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
952247E000
|
| Size: |
4096
|
|
|
2A16000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2107283383.0000000002A16000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2A16000
|
| Size: |
8192
|
|
|
4B30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917439339.0000000004B30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B30000
|
| Size: |
65536
|
|
|
5F5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2116899428.0000000005F5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F5E000
|
| Size: |
8192
|
|
|
6676000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2119108805.0000000006676000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6676000
|
| Size: |
4096
|
|
|
4FAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114341775.0000000004FAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FAB000
|
| Size: |
8192
|
|
|
E30000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2106750239.0000000000E30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E30000
|
| Size: |
16384
|
|
|
F7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2107773349.0000000000F7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F7F000
|
| Size: |
4096
|
|
|
952187C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2104679717.000000952187C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
952187C000
|
| Size: |
16384
|
|
|
5000000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2115610711.0000000005000000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5000000
|
| Size: |
49152
|
|
|
2A12000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107255459.0000000002A12000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A12000
|
| Size: |
4096
|
|
|
3D70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003D70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D70000
|
| Size: |
16384
|
|
|
8CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.911641476.00000000008CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8CE000
|
| Size: |
8192
|
|
|
B40C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.885985690.000000000B40C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B40C000
|
| Size: |
16384
|
|
|
59A6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918871327.00000000059A6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
59A6000
|
| Size: |
8192
|
|
|
196BEED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108129555.00000196BEED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
196BEED0000
|
| Size: |
4096
|
|
|
3D21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003D21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D21000
|
| Size: |
16384
|
|
|
29F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107045954.00000000029F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29F4000
|
| Size: |
8192
|
|
|
4DC0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.918091839.0000000004DC0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4DC0000
|
| Size: |
4096
|
|
|
3C12000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2112664321.0000000003C12000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C12000
|
| Size: |
4096
|
|
|
2FB1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FB1000
|
| Size: |
8192
|
|
|
917000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.911958514.0000000000917000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
917000
|
| Size: |
4096
|
|
|
3DA5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2112355659.0000000003DA5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DA5000
|
| Size: |
12288
|
|
|
594F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.918707502.000000000594F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
594F000
|
| Size: |
4096
|
|
|
5280000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2115281510.0000000005280000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
2E61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2107934491.0000000002E61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E61000
|
| Size: |
4096
|
|
|
512A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2114236052.000000000512A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
512A000
|
| Size: |
4096
|
|
|
940000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.912021017.0000000000940000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
36864
|
|
|
434000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2104133781.0000000000434000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
434000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
196BF0EE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108829845.00000196BF0EE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF0EE000
|
| Size: |
20480
|
|
|
4AF4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.917182360.0000000004AF4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4AF4000
|
| Size: |
16384
|
|
|
572F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2115968728.000000000572F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
572F000
|
| Size: |
4096
|
|
|
507E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.883616493.000000000507E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
507E000
|
| Size: |
8192
|
|
|
2A46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881827881.0000000002A46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A46000
|
| Size: |
4173824
|
|
|
4FD2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2114341775.0000000004FD2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FD2000
|
| Size: |
49152
|
|
|
DB7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2106553358.0000000000DB7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DB7000
|
| Size: |
4096
|
|
|
196BF000000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108261331.00000196BF000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF000000
|
| Size: |
106496
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
639E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2118591817.000000000639E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
639E000
|
| Size: |
8192
|
|
|
AEEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.921949652.000000000AEEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AEEE000
|
| Size: |
8192
|
|
|
286E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.881348110.000000000286E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
286E000
|
| Size: |
8192
|
|
|
2B70000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2107730235.0000000002B70000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2B70000
|
| Size: |
4096
|
|
|
6810000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2120310826.0000000006810000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6810000
|
| Size: |
8192
|
|
|
196BF01E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2108261331.00000196BF01E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
196BF01E000
|
| Size: |
49152
|
|
|
196B9FB0000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.2107223234.00000196B9FB0000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
196B9FB0000
|
| Size: |
4096
|
|
|
ADAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.921901855.000000000ADAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ADAE000
|
| Size: |
8192
|
|
