|
7430000
|
trusted library section
|
page read and write
|
 |
|
|
| Name: |
00000007.00000002.1329575794.0000000007430000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7430000
|
| Size: |
634880
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
FB2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1322938988.0000000000FB2000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
FB2000
|
| Size: |
192512
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6D41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475271585.0000000006D41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D41000
|
| Size: |
987136
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6C05000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475271585.0000000006C05000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C05000
|
| Size: |
1277952
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
8260000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476429284.0000000008260000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
8260000
|
| Size: |
634880
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
4800000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327006354.0000000004800000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4800000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
5E05000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328645720.0000000005E05000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E05000
|
| Size: |
208896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
8200000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1418536498.0000000008200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8200000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
60BF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328645720.00000000060BF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
60BF000
|
| Size: |
303104
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
DD2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1319027553.0000000000DD2000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
DD2000
|
| Size: |
249856
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7320000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329164028.0000000007320000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7320000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
3406000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003406000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3406000
|
| Size: |
573440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3181000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003181000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3181000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
5E39000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328645720.0000000005E39000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E39000
|
| Size: |
1064960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
8150000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475608911.0000000008150000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
8150000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
5F41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328645720.0000000005F41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5F41000
|
| Size: |
1560576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3131000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003131000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3131000
|
| Size: |
241664
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
5600000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472915709.0000000005600000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5600000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
7400000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1311279297.0000000007400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7400000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
454A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000454A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
454A000
|
| Size: |
8192
|
|
|
5D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1562381574.0000000005D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D9E000
|
| Size: |
8192
|
|
|
F01C7EA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1392876418.000000F01C7EA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F01C7EA000
|
| Size: |
24576
|
|
|
812000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325532052.0000000000812000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
812000
|
| Size: |
98304
|
|
|
1115000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1268516899.0000000001115000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1115000
|
| Size: |
4096
|
|
|
7510000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1314679636.0000000007510000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7510000
|
| Size: |
65536
|
|
|
404A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000404A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
404A000
|
| Size: |
8192
|
|
|
7510000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313436789.0000000007510000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7510000
|
| Size: |
65536
|
|
|
8232000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475875526.0000000008232000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8232000
|
| Size: |
8192
|
|
|
4E39000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E39000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E39000
|
| Size: |
4096
|
|
|
247623C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393190909.00000247623C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
247623C0000
|
| Size: |
4096
|
|
|
36C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1426321015.00000000036C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36C5000
|
| Size: |
20480
|
|
|
44E2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000044E2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44E2000
|
| Size: |
8192
|
|
|
30D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532824024.00000000030D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30D0000
|
| Size: |
4096
|
|
|
117C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1296333726.000000000117C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
117C000
|
| Size: |
184320
|
|
|
FFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1286901576.0000000000FFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FFC000
|
| Size: |
16384
|
|
|
36AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471696167.00000000036AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36AF000
|
| Size: |
4096
|
|
|
820000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1309468825.0000000000820000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
820000
|
| Size: |
36864
|
|
|
8390000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1422415735.0000000008390000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8390000
|
| Size: |
65536
|
|
|
57B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1560508822.00000000057B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57B4000
|
| Size: |
16384
|
|
|
C54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1393435538.0000000000C54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C54000
|
| Size: |
4096
|
|
|
3503000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003503000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3503000
|
| Size: |
385024
|
|
|
11B1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1284830630.00000000011B1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11B1000
|
| Size: |
327680
|
|
|
882000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1310709926.0000000000882000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
882000
|
| Size: |
4096
|
|
|
4550000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004550000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4550000
|
| Size: |
8192
|
|
|
452A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000452A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
452A000
|
| Size: |
8192
|
|
|
13DF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2530263238.00000000013DF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13DF000
|
| Size: |
196608
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
15F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2531822343.00000000015F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
15F0000
|
| Size: |
8192
|
|
|
65C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1567616537.00000000065C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
65C0000
|
| Size: |
65536
|
|
|
36D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000036D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36D0000
|
| Size: |
16384
|
|
|
76C2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572398275.00000000076C2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76C2000
|
| Size: |
40960
|
|
|
3A7B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003A7B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A7B000
|
| Size: |
4096
|
|
|
5837000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1473393808.0000000005837000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5837000
|
| Size: |
4096
|
|
|
7500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329718787.0000000007500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7500000
|
| Size: |
4096
|
|
|
3C91000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003C91000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C91000
|
| Size: |
8192
|
|
|
453E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000453E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
453E000
|
| Size: |
8192
|
|
|
5C20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C20000
|
| Size: |
4096
|
|
|
6590000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1566361773.0000000006590000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6590000
|
| Size: |
65536
|
|
|
74C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2548993865.00000000074C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
74C0000
|
| Size: |
8192
|
|
|
3790000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1312023618.0000000003790000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3790000
|
| Size: |
8192
|
|
|
15B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2531657772.00000000015B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B0000
|
| Size: |
16384
|
|
|
1E5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311889929.0000000001E5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1E5F000
|
| Size: |
4096
|
|
|
44A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000044A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44A3000
|
| Size: |
8192
|
|
|
82D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325603305.000000000082D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
82D000
|
| Size: |
28672
|
|
|
5E9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1562422985.0000000005E9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E9F000
|
| Size: |
4096
|
|
|
880000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1310685276.0000000000880000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
880000
|
| Size: |
12288
|
|
|
24762460000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393218633.0000024762460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24762460000
|
| Size: |
24576
|
|
|
3BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003BB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BB0000
|
| Size: |
8192
|
|
|
86FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1330122154.00000000086FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
86FE000
|
| Size: |
8192
|
|
|
7FA70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1573806596.000000007FA70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FA70000
|
| Size: |
4096
|
|
|
7540000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313340918.0000000007540000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7540000
|
| Size: |
65536
|
|
|
3BF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BF6000
|
| Size: |
290816
|
|
|
8620000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1420507619.0000000008620000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8620000
|
| Size: |
65536
|
|
|
5207000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472647511.0000000005207000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5207000
|
| Size: |
12288
|
|
|
4359000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1308333906.0000000004359000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4359000
|
| Size: |
4096
|
|
|
3A72000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003A72000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A72000
|
| Size: |
24576
|
|
|
168B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1310457622.000000000168B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
168B000
|
| Size: |
53248
|
|
|
43A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000043A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43A3000
|
| Size: |
4096
|
|
|
9BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1419818749.00000000009BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9BF000
|
| Size: |
4096
|
|
|
47FD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000047FD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47FD000
|
| Size: |
4096
|
|
|
4090000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1308694272.0000000004090000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4090000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7703000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572473728.0000000007703000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7703000
|
| Size: |
16384
|
|
|
45DB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000045DB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45DB000
|
| Size: |
16384
|
|
|
45E5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000045E5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45E5000
|
| Size: |
8192
|
|
|
3791000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003791000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3791000
|
| Size: |
4096
|
|
|
75C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313024574.00000000075C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
75C0000
|
| Size: |
65536
|
|
|
3723000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1415582555.0000000003723000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3723000
|
| Size: |
507904
|
|
|
30C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543220948.00000000030C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30C2000
|
| Size: |
4096
|
|
|
1DF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000E.00000000.1392394991.00000000001DF000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1DF000
|
| Size: |
147456
|
|
|
73F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572160232.00000000073F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
73F0000
|
| Size: |
32768
|
|
|
20E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000E.00000000.1392461867.000000000020E000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
20E000
|
| Size: |
8192
|
|
|
24762390000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393131349.0000024762390000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24762390000
|
| Size: |
4096
|
|
|
34CA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000034CA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34CA000
|
| Size: |
90112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3C6B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003C6B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C6B000
|
| Size: |
8192
|
|
|
361A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000361A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
361A000
|
| Size: |
36864
|
|
|
6DA6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2548103180.0000000006DA6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DA6000
|
| Size: |
40960
|
|
|
1099000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542066779.0000000001099000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1099000
|
| Size: |
28672
|
|
|
3712000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472010886.0000000003712000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3712000
|
| Size: |
262144
|
|
|
3676000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003676000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3676000
|
| Size: |
294912
|
|
|
4802000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004802000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4802000
|
| Size: |
4096
|
|
|
339D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471222640.000000000339D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
339D000
|
| Size: |
12288
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1325175295.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
147456
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
36DB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000036DB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36DB000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
3C96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003C96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C96000
|
| Size: |
8192
|
|
|
73E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572012621.00000000073E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
73E4000
|
| Size: |
49152
|
|
|
480E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000480E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
480E000
|
| Size: |
4096
|
|
|
10F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1268462867.00000000010F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10F6000
|
| Size: |
131072
|
|
|
3647000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003647000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3647000
|
| Size: |
8192
|
|
|
1603000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2531938020.0000000001603000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1603000
|
| Size: |
4096
|
|
|
2F4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532549203.0000000002F4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F4E000
|
| Size: |
8192
|
|
|
2F90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2532614810.0000000002F90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2F90000
|
| Size: |
65536
|
|
|
37A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1415157835.00000000037A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
37A0000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
8235000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475875526.0000000008235000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8235000
|
| Size: |
36864
|
|
|
3689000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1418083288.0000000003689000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3689000
|
| Size: |
12288
|
|
|
4898000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004898000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4898000
|
| Size: |
8192
|
|
|
8218000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475875526.0000000008218000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8218000
|
| Size: |
4096
|
|
|
4401000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326842527.0000000004401000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4401000
|
| Size: |
16384
|
|
|
37A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1417170808.00000000037A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
37A0000
|
| Size: |
1196032
|
|
|
9FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1419818749.00000000009FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9FC000
|
| Size: |
16384
|
|
|
4425000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004425000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4425000
|
| Size: |
4096
|
|
|
3220000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471046551.0000000003220000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3220000
|
| Size: |
4096
|
|
|
13FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311126517.00000000013FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13FE000
|
| Size: |
8192
|
|
|
7290000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2548832833.0000000007290000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7290000
|
| Size: |
4096
|
|
|
72E2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571485108.00000000072E2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72E2000
|
| Size: |
8192
|
|
|
681E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570113717.000000000681E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
681E000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
6C90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2547736746.0000000006C90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C90000
|
| Size: |
4096
|
|
|
5B62000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561488184.0000000005B62000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B62000
|
| Size: |
36864
|
|
|
6C3D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2547213562.0000000006C3D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C3D000
|
| Size: |
12288
|
|
|
4E1E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E1E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E1E000
|
| Size: |
4096
|
|
|
7BFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329941611.0000000007BFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7BFC000
|
| Size: |
16384
|
|
|
3D7B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003D7B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D7B000
|
| Size: |
8192
|
|
|
30D7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1543428626.00000000030D7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
30D7000
|
| Size: |
4096
|
|
|
4880000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004880000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4880000
|
| Size: |
8192
|
|
|
389B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000389B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
389B000
|
| Size: |
4096
|
|
|
1DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1296473294.0000000001DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1DE0000
|
| Size: |
8192
|
|
|
5860000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1473565344.0000000005860000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5860000
|
| Size: |
4096
|
|
|
8330000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476537023.0000000008330000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8330000
|
| Size: |
4096
|
|
|
4490000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004490000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4490000
|
| Size: |
8192
|
|
|
8500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421657043.0000000008500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8500000
|
| Size: |
65536
|
|
|
4889000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004889000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4889000
|
| Size: |
8192
|
|
|
852000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1309641019.0000000000852000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
852000
|
| Size: |
4096
|
|
|
69DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2546851860.00000000069DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
69DD000
|
| Size: |
12288
|
|
|
10EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1268545669.00000000010EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10EA000
|
| Size: |
49152
|
|
|
484D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000484D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
484D000
|
| Size: |
8192
|
|
|
326F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543599054.000000000326F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
326F000
|
| Size: |
4096
|
|
|
3859000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003859000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3859000
|
| Size: |
24576
|
|
|
B14000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1420603917.0000000000B14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B14000
|
| Size: |
8192
|
|
|
5815000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1560929225.0000000005815000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5815000
|
| Size: |
45056
|
|
|
3AD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003AD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AD0000
|
| Size: |
12288
|
|
|
1789000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311805363.0000000001789000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1789000
|
| Size: |
122880
|
|
|
37A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1415874579.00000000037A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
37A0000
|
| Size: |
1196032
|
|
|
84E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2553924883.00000000084E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
84E0000
|
| Size: |
81920
|
|
|
17AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1298555034.00000000017AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17AE000
|
| Size: |
4096
|
|
|
16B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1310144223.00000000016B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16B8000
|
| Size: |
593920
|
|
|
7C3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1330002052.0000000007C3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C3E000
|
| Size: |
8192
|
|
|
3794000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1312023618.0000000003794000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3794000
|
| Size: |
8192
|
|
|
72A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571356803.00000000072A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72A2000
|
| Size: |
12288
|
|
|
15C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2531765701.00000000015C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C0000
|
| Size: |
4096
|
|
|
204000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000E.00000002.1418238481.0000000000204000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
204000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
3642000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003642000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3642000
|
| Size: |
8192
|
|
|
4846000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004846000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4846000
|
| Size: |
8192
|
|
|
3324000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003324000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3324000
|
| Size: |
36864
|
|
|
59F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1473943160.00000000059F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
59F0000
|
| Size: |
65536
|
|
|
3493000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003493000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3493000
|
| Size: |
4096
|
|
|
36E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1414617674.00000000036E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
36E0000
|
| Size: |
1196032
|
|
|
83E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325603305.000000000083E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
83E000
|
| Size: |
16384
|
|
|
6C20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2547058335.0000000006C20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C20000
|
| Size: |
28672
|
|
|
7EEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1573502868.0000000007EEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7EEE000
|
| Size: |
8192
|
|
|
457A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000457A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
457A000
|
| Size: |
8192
|
|
|
83F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1423850871.00000000083F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83F0000
|
| Size: |
65536
|
|
|
43FA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1326813775.00000000043FA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43FA000
|
| Size: |
4096
|
|
|
30C6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1543305646.00000000030C6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
30C6000
|
| Size: |
12288
|
|
|
8520000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421586136.0000000008520000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8520000
|
| Size: |
65536
|
|
|
AB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324405445.00000000000AB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AB000
|
| Size: |
20480
|
|
|
38C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000038C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38C2000
|
| Size: |
184320
|
|
|
4299000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1305373896.0000000004299000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4299000
|
| Size: |
4096
|
|
|
3B75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003B75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B75000
|
| Size: |
4096
|
|
|
39D9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000039D9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39D9000
|
| Size: |
8192
|
|
|
3FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FC0000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6530000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1563641150.0000000006530000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6530000
|
| Size: |
65536
|
|
|
36C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000036C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36C9000
|
| Size: |
24576
|
|
|
5810000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1560929225.0000000005810000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5810000
|
| Size: |
16384
|
|
|
4593000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004593000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4593000
|
| Size: |
16384
|
|
|
675E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545472799.000000000675E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
675E000
|
| Size: |
8192
|
|
|
368B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1418110577.000000000368B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
368B000
|
| Size: |
4096
|
|
|
1632000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532300979.0000000001632000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1632000
|
| Size: |
4096
|
|
|
4513000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004513000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4513000
|
| Size: |
8192
|
|
|
5B7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2544319189.0000000005B7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5B7D000
|
| Size: |
12288
|
|
|
317D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.000000000317D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
317D000
|
| Size: |
4096
|
|
|
88B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1310970649.000000000088B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
88B000
|
| Size: |
53248
|
|
|
1DF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1284285173.00000000001DF000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1DF000
|
| Size: |
147456
|
|
|
33F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471327928.00000000033F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33F0000
|
| Size: |
4096
|
|
|
7720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312762611.0000000007720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7720000
|
| Size: |
32768
|
|
|
803F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1573643254.000000000803F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
803F000
|
| Size: |
4096
|
|
|
4538000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004538000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4538000
|
| Size: |
8192
|
|
|
36F7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000036F7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36F7000
|
| Size: |
143360
|
|
|
67E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569796048.00000000067E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67E1000
|
| Size: |
12288
|
|
|
55E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2541734942.00000000055E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55E6000
|
| Size: |
8192
|
|
|
4A7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327313340.0000000004A7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A7E000
|
| Size: |
8192
|
|
|
30A4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543093175.00000000030A4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30A4000
|
| Size: |
12288
|
|
|
3A68000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003A68000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A68000
|
| Size: |
36864
|
|
|
1626000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2532202400.0000000001626000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1626000
|
| Size: |
8192
|
|
|
15B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2531657772.00000000015B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B7000
|
| Size: |
8192
|
|
|
1346000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2530263238.0000000001346000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1346000
|
| Size: |
16384
|
|
|
38A7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000038A7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38A7000
|
| Size: |
4096
|
|
|
3350000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543723136.0000000003350000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3350000
|
| Size: |
65536
|
|
|
140E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311126517.000000000140E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
140E000
|
| Size: |
8192
|
|
|
204000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000E.00000000.1392394991.0000000000204000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
204000
|
| Size: |
40960
|
|
|
120000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324476687.0000000000120000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
120000
|
| Size: |
4096
|
|
|
CEE000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1421391247.0000000000CEE000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
CEE000
|
| Size: |
4096
|
|
|
30D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543387101.00000000030D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30D2000
|
| Size: |
4096
|
|
|
CE7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1404912730.0000000000CE7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CE7000
|
| Size: |
176128
|
|
|
32D5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.00000000032D5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32D5000
|
| Size: |
319488
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
|
169F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542319997.000000000169F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
169F000
|
| Size: |
4096
|
|
|
6D90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2548018115.0000000006D90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6D90000
|
| Size: |
65536
|
|
|
88A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1310592266.000000000088A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
88A000
|
| Size: |
57344
|
|
|
3B0B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003B0B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B0B000
|
| Size: |
290816
|
|
|
30D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543358000.00000000030D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30D0000
|
| Size: |
4096
|
|
|
44C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000044C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44C1000
|
| Size: |
16384
|
|
|
39A9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000039A9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39A9000
|
| Size: |
8192
|
|
|
5832000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1473370284.0000000005832000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5832000
|
| Size: |
4096
|
|
|
5C01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C01000
|
| Size: |
28672
|
|
|
3540000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1414441403.0000000003540000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3540000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
158E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311297834.000000000158E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
158E000
|
| Size: |
8192
|
|
|
1789000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1298555034.0000000001789000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1789000
|
| Size: |
122880
|
|
|
45CB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000045CB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45CB000
|
| Size: |
8192
|
|
|
35D1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000035D1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35D1000
|
| Size: |
290816
|
|
|
3FB6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003FB6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB6000
|
| Size: |
20480
|
|
|
85F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1420737268.00000000085F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
85F5000
|
| Size: |
45056
|
|
|
404D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000404D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
404D000
|
| Size: |
8192
|
|
|
65A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1567106948.00000000065A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
65A0000
|
| Size: |
65536
|
|
|
43CE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1309505406.00000000043CE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
43CE000
|
| Size: |
24576
|
|
|
6560000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1563920726.0000000006560000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6560000
|
| Size: |
65536
|
|
|
67B9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569623274.00000000067B9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67B9000
|
| Size: |
20480
|
|
|
11B6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1274680057.00000000011B6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11B6000
|
| Size: |
155648
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326578397.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
8192
|
|
|
43CD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000043CD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43CD000
|
| Size: |
4096
|
|
|
5E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325402982.00000000005E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5E0000
|
| Size: |
4096
|
|
|
456E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000456E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
456E000
|
| Size: |
8192
|
|
|
3600000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471423103.0000000003600000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3600000
|
| Size: |
69632
|
|
|
3C8A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003C8A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C8A000
|
| Size: |
8192
|
|
|
7405000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329447784.0000000007405000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7405000
|
| Size: |
36864
|
|
|
8530000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421546553.0000000008530000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8530000
|
| Size: |
65536
|
|
|
3540000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1413887434.0000000003540000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3540000
|
| Size: |
1187840
|
|
|
5EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1563348206.0000000005EF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5EF0000
|
| Size: |
65536
|
|
|
217000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.1310881677.0000000000217000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
217000
|
| Size: |
860160
|
|
|
A801000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1427229863.000000000A801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A801000
|
| Size: |
86016
|
|
|
E8000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324435309.00000000000E8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E8000
|
| Size: |
32768
|
|
|
305F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1393133560.000000000305F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
305F000
|
| Size: |
790528
|
|
|
470000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.1285524245.0000000000470000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
470000
|
| Size: |
4096
|
|
|
7C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572994814.0000000007C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C0E000
|
| Size: |
8192
|
|
|
3F2A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003F2A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F2A000
|
| Size: |
516096
|
|
|
43CE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1308333906.00000000043CE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
43CE000
|
| Size: |
24576
|
|
|
43C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000043C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43C2000
|
| Size: |
4096
|
|
|
5840000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561049917.0000000005840000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5840000
|
| Size: |
61440
|
|
|
4A02000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327128199.0000000004A02000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A02000
|
| Size: |
4096
|
|
|
68F9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545868207.00000000068F9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68F9000
|
| Size: |
4096
|
|
|
7330000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571895505.0000000007330000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7330000
|
| Size: |
65536
|
|
|
B50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1420742374.0000000000B50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B50000
|
| Size: |
20480
|
|
|
6580000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1564182758.0000000006580000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6580000
|
| Size: |
65536
|
|
|
3CB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003CB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CB2000
|
| Size: |
180224
|
|
|
3D74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003D74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D74000
|
| Size: |
8192
|
|
|
390000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1419280571.0000000000390000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
390000
|
| Size: |
4096
|
|
|
4E60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E60000
|
| Size: |
356352
|
|
|
52E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000001.00000000.1267763245.000000000052E000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
52E000
|
| Size: |
8192
|
|
|
2FE8000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471024394.0000000002FE8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FE8000
|
| Size: |
32768
|
|
|
43FA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000043FA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43FA000
|
| Size: |
8192
|
|
|
7C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1573032434.0000000007C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C4E000
|
| Size: |
8192
|
|
|
3734000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1296581456.0000000003734000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3734000
|
| Size: |
8192
|
|
|
43BB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000043BB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43BB000
|
| Size: |
4096
|
|
|
3C5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003C5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C5E000
|
| Size: |
16384
|
|
|
4407000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004407000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4407000
|
| Size: |
4096
|
|
|
44A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000044A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44A6000
|
| Size: |
4096
|
|
|
593C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2544050573.000000000593C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
593C000
|
| Size: |
16384
|
|
|
6AD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570717575.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AD0000
|
| Size: |
36864
|
|
|
7320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571836369.0000000007320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7320000
|
| Size: |
65536
|
|
|
3765000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003765000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3765000
|
| Size: |
16384
|
|
|
247627A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393379374.00000247627A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
247627A0000
|
| Size: |
16384
|
|
|
3D9C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003D9C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D9C000
|
| Size: |
1626112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1476000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542184984.0000000001476000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1476000
|
| Size: |
28672
|
|
|
1668000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311474280.0000000001668000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1668000
|
| Size: |
110592
|
|
|
483B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000483B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
483B000
|
| Size: |
8192
|
|
|
3BA6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003BA6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BA6000
|
| Size: |
8192
|
|
|
5400000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472814977.0000000005400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5400000
|
| Size: |
4096
|
|
|
3643000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471604667.0000000003643000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3643000
|
| Size: |
57344
|
|
|
1300000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2530201143.0000000001300000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1300000
|
| Size: |
8192
|
|
|
8204000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475875526.0000000008204000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8204000
|
| Size: |
4096
|
|
|
45AD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000045AD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45AD000
|
| Size: |
8192
|
|
|
212000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000E.00000000.1392461867.0000000000212000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
212000
|
| Size: |
8192
|
|
|
8DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326158763.00000000008DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8DD000
|
| Size: |
40960
|
|
|
84D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2553924883.00000000084D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
84D0000
|
| Size: |
8192
|
|
|
6550000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1563816884.0000000006550000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6550000
|
| Size: |
65536
|
|
|
107D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1291312801.000000000107D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
107D000
|
| Size: |
12288
|
|
|
4E41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E41000
|
| Size: |
4096
|
|
|
5212000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472760813.0000000005212000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5212000
|
| Size: |
12288
|
|
|
7500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313461074.0000000007500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7500000
|
| Size: |
65536
|
|
|
2C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326537112.0000000002C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C1E000
|
| Size: |
8192
|
|
|
24763F60000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393465362.0000024763F60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24763F60000
|
| Size: |
4096
|
|
|
5955000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561219088.0000000005955000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5955000
|
| Size: |
16384
|
|
|
30D5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1543408356.00000000030D5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
30D5000
|
| Size: |
4096
|
|
|
3189000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003189000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3189000
|
| Size: |
16384
|
|
|
8380000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1422608989.0000000008380000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8380000
|
| Size: |
65536
|
|
|
F01D2FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393053637.000000F01D2FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F01D2FF000
|
| Size: |
4096
|
|
|
362B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000362B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
362B000
|
| Size: |
4096
|
|
|
8360000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1422784652.0000000008360000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8360000
|
| Size: |
65536
|
|
|
41D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2538653667.00000000041D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
41D2000
|
| Size: |
98304
|
|
|
67B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569569811.00000000067B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67B4000
|
| Size: |
16384
|
|
|
430E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1307555580.000000000430E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
430E000
|
| Size: |
24576
|
|
|
44B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000044B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44B5000
|
| Size: |
4096
|
|
|
376E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000376E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
376E000
|
| Size: |
28672
|
|
|
4E1A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E1A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E1A000
|
| Size: |
4096
|
|
|
5950000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561219088.0000000005950000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5950000
|
| Size: |
12288
|
|
|
4299000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1307555580.0000000004299000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4299000
|
| Size: |
4096
|
|
|
170000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324658688.0000000000170000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
170000
|
| Size: |
4096
|
|
|
45D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000045D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45D0000
|
| Size: |
8192
|
|
|
47F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000047F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47F0000
|
| Size: |
8192
|
|
|
537000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000000.1267811606.0000000000537000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
537000
|
| Size: |
860160
|
|
|
6FCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2548332244.0000000006FCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FCE000
|
| Size: |
8192
|
|
|
1770000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1311752341.0000000001770000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1770000
|
| Size: |
20480
|
|
|
116D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1296306844.000000000116D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
116D000
|
| Size: |
57344
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1470813231.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
147456
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
3198000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003198000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3198000
|
| Size: |
4096
|
|
|
4B8000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1325175295.00000000004B8000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
4B8000
|
| Size: |
4096
|
|
|
4E26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E26000
|
| Size: |
12288
|
|
|
7550000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313318891.0000000007550000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7550000
|
| Size: |
65536
|
|
|
9B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1286488597.00000000009B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
16384
|
|
|
7305000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571485108.0000000007305000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7305000
|
| Size: |
4096
|
|
|
67A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569410060.00000000067A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67A5000
|
| Size: |
28672
|
|
|
47EA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000047EA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47EA000
|
| Size: |
4096
|
|
|
3809000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1414617674.0000000003809000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3809000
|
| Size: |
4096
|
|
|
7760000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312534510.0000000007760000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7760000
|
| Size: |
65536
|
|
|
76FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329745861.00000000076FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
76FF000
|
| Size: |
4096
|
|
|
7708000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572473728.0000000007708000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7708000
|
| Size: |
4096
|
|
|
39CF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000039CF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39CF000
|
| Size: |
8192
|
|
|
4170000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1307555580.0000000004170000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4170000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
835C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1330061404.000000000835C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
835C000
|
| Size: |
16384
|
|
|
16B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542339859.00000000016B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16B0000
|
| Size: |
49152
|
|
|
524000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000000.1267715927.0000000000524000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
524000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
247627AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393379374.00000247627AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
247627AE000
|
| Size: |
4096
|
|
|
75D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312968456.00000000075D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
75D0000
|
| Size: |
65536
|
|
|
4892000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004892000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4892000
|
| Size: |
4096
|
|
|
3C7F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003C7F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C7F000
|
| Size: |
8192
|
|
|
397A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000397A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
397A000
|
| Size: |
32768
|
|
|
6CA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2547779820.0000000006CA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6CA0000
|
| Size: |
65536
|
|
|
1647000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532410769.0000000001647000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1647000
|
| Size: |
28672
|
|
|
10E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1285201159.00000000010E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10E8000
|
| Size: |
540672
|
|
|
875000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1310633389.0000000000875000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
875000
|
| Size: |
8192
|
|
|
EAA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2529783214.0000000000EAA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EAA000
|
| Size: |
24576
|
|
|
398E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000398E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
398E000
|
| Size: |
8192
|
|
|
4580000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004580000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4580000
|
| Size: |
8192
|
|
|
C35000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1393381969.0000000000C35000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C35000
|
| Size: |
131072
|
|
|
34E7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000034E7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34E7000
|
| Size: |
12288
|
|
|
4612000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326933174.0000000004612000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4612000
|
| Size: |
4096
|
|
|
36E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1414069415.00000000036E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
36E0000
|
| Size: |
1196032
|
|
|
140000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324535644.0000000000140000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
140000
|
| Size: |
12288
|
|
|
247623A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393159088.00000247623A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
247623A0000
|
| Size: |
8192
|
|
|
36E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1413541942.00000000036E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
36E0000
|
| Size: |
1196032
|
|
|
83A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1422212144.00000000083A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83A0000
|
| Size: |
65536
|
|
|
3723000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1416510944.0000000003723000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3723000
|
| Size: |
507904
|
|
|
4469000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004469000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4469000
|
| Size: |
8192
|
|
|
435D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1308333906.000000000435D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
435D000
|
| Size: |
458752
|
|
|
7310000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571769401.0000000007310000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7310000
|
| Size: |
4096
|
|
|
3588000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003588000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3588000
|
| Size: |
8192
|
|
|
429D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1307555580.000000000429D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
429D000
|
| Size: |
458752
|
|
|
4FF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000000.1267715927.00000000004FF000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4FF000
|
| Size: |
147456
|
|
|
5E01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328645720.0000000005E01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E01000
|
| Size: |
8192
|
|
|
7770000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312496791.0000000007770000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7770000
|
| Size: |
65536
|
|
|
8229000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475875526.0000000008229000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8229000
|
| Size: |
4096
|
|
|
445D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000445D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
445D000
|
| Size: |
8192
|
|
|
6997000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545868207.0000000006997000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6997000
|
| Size: |
4096
|
|
|
2EED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532492761.0000000002EED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EED000
|
| Size: |
12288
|
|
|
84A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1309641019.000000000084A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
84A000
|
| Size: |
24576
|
|
|
5B56000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561488184.0000000005B56000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B56000
|
| Size: |
45056
|
|
|
471000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000001.00000002.1285553072.0000000000471000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
471000
|
| Size: |
581632
|
|
|
1353000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2530263238.0000000001353000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1353000
|
| Size: |
237568
|
|
|
7420000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329545181.0000000007420000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7420000
|
| Size: |
65536
|
|
|
B10000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1420603917.0000000000B10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B10000
|
| Size: |
8192
|
|
|
3540000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1413361180.0000000003540000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3540000
|
| Size: |
1187840
|
|
|
2000000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1304774627.0000000002000000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2000000
|
| Size: |
4096
|
|
|
7416000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329476827.0000000007416000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7416000
|
| Size: |
20480
|
|
|
7410000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329476827.0000000007410000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7410000
|
| Size: |
20480
|
|
|
1410000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542141919.0000000001410000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1410000
|
| Size: |
12288
|
|
|
85FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476762082.00000000085FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
85FE000
|
| Size: |
8192
|
|
|
8370000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1424580475.0000000008370000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8370000
|
| Size: |
65536
|
|
|
8338000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476537023.0000000008338000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8338000
|
| Size: |
32768
|
|
|
8340000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1423010755.0000000008340000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8340000
|
| Size: |
65536
|
|
|
5C09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C09000
|
| Size: |
4096
|
|
|
81CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2553805351.00000000081CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
81CD000
|
| Size: |
12288
|
|
|
8560000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421347319.0000000008560000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8560000
|
| Size: |
65536
|
|
|
581E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2543927411.000000000581E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
581E000
|
| Size: |
8192
|
|
|
47FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000047FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47FF000
|
| Size: |
8192
|
|
|
4754000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004754000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4754000
|
| Size: |
4096
|
|
|
63A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2544771088.00000000063A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
63A0000
|
| Size: |
32768
|
|
|
5C41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C41000
|
| Size: |
4096
|
|
|
537000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.1286238227.0000000000537000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
537000
|
| Size: |
860160
|
|
|
1210000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2529979124.0000000001210000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1210000
|
| Size: |
4096
|
|
|
730F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571485108.000000000730F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
730F000
|
| Size: |
4096
|
|
|
5B01000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1474147136.0000000005B01000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5B01000
|
| Size: |
20480
|
|
|
3636000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003636000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3636000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
BF3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1393573213.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF3000
|
| Size: |
872448
|
|
|
610A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328645720.000000000610A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
610A000
|
| Size: |
36864
|
|
|
44F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000044F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44F4000
|
| Size: |
8192
|
|
|
33DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471290515.00000000033DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33DE000
|
| Size: |
8192
|
|
|
20E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1418383017.000000000020E000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
20E000
|
| Size: |
36864
|
|
|
57B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1560508822.00000000057B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57B0000
|
| Size: |
12288
|
|
|
446E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000446E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
446E000
|
| Size: |
8192
|
|
|
75D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2549171307.00000000075D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
75D0000
|
| Size: |
5242880
|
|
|
34EB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000034EB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34EB000
|
| Size: |
4096
|
|
|
65D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1567730706.00000000065D0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
65D0000
|
| Size: |
65536
|
|
|
72BD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571414989.00000000072BD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72BD000
|
| Size: |
12288
|
|
|
39FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472161916.00000000039FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39FE000
|
| Size: |
8192
|
|
|
8880000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1476915327.0000000008880000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8880000
|
| Size: |
28672
|
|
|
83F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476705170.00000000083F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83F0000
|
| Size: |
57344
|
|
|
393E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1415874579.000000000393E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
393E000
|
| Size: |
24576
|
|
|
4600000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326907702.0000000004600000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4600000
|
| Size: |
4096
|
|
|
646A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545231366.000000000646A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
646A000
|
| Size: |
12288
|
|
|
36B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1426174192.00000000036B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36B8000
|
| Size: |
73728
|
|
|
247627A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393379374.00000247627A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
247627A5000
|
| Size: |
32768
|
|
|
387E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1414069415.000000000387E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
387E000
|
| Size: |
24576
|
|
|
883000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1310659408.0000000000883000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
883000
|
| Size: |
28672
|
|
|
4533000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004533000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4533000
|
| Size: |
8192
|
|
|
5A40000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1561460582.0000000005A40000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5A40000
|
| Size: |
4096
|
|
|
85C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1420880325.00000000085C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
85C0000
|
| Size: |
196608
|
|
|
4230000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1309505406.0000000004230000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4230000
|
| Size: |
1196032
|
|
|
69AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570479129.00000000069AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
69AD000
|
| Size: |
12288
|
|
|
36CB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1286469713.00000000036CB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36CB000
|
| Size: |
790528
|
|
|
4090000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1308076888.0000000004090000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4090000
|
| Size: |
1187840
|
|
|
4371000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004371000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4371000
|
| Size: |
36864
|
|
|
7750000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312643057.0000000007750000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7750000
|
| Size: |
65536
|
|
|
863000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313606795.0000000000863000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
863000
|
| Size: |
32768
|
|
|
4400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4400000
|
| Size: |
8192
|
|
|
44DB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000044DB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44DB000
|
| Size: |
4096
|
|
|
11A9000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1296369570.00000000011A9000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
11A9000
|
| Size: |
16384
|
|
|
678E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569095480.000000000678E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
678E000
|
| Size: |
86016
|
|
|
10B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1268610990.00000000010B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10B4000
|
| Size: |
753664
|
|
|
8360000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1424661688.0000000008360000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8360000
|
| Size: |
65536
|
|
|
16EF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542339859.00000000016EF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16EF000
|
| Size: |
4096
|
|
|
6F8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2548281144.0000000006F8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F8E000
|
| Size: |
8192
|
|
|
37A5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000037A5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37A5000
|
| Size: |
8192
|
|
|
C27000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1417712228.0000000000C27000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C27000
|
| Size: |
659456
|
|
|
8380000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1424459167.0000000008380000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8380000
|
| Size: |
65536
|
|
|
3663000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1414441403.0000000003663000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3663000
|
| Size: |
507904
|
|
|
9D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1286661414.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D0000
|
| Size: |
4096
|
|
|
8600000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1420648835.0000000008600000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8600000
|
| Size: |
65536
|
|
|
4418000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004418000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4418000
|
| Size: |
8192
|
|
|
18B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542980974.00000000018B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18B0000
|
| Size: |
4096
|
|
|
F01CEFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1392986253.000000F01CEFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F01CEFE000
|
| Size: |
8192
|
|
|
4170000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1305373896.0000000004170000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4170000
|
| Size: |
1196032
|
|
|
72E9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571485108.00000000072E9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72E9000
|
| Size: |
8192
|
|
|
4E43000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E43000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E43000
|
| Size: |
4096
|
|
|
65B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1567542540.00000000065B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
65B0000
|
| Size: |
65536
|
|
|
8306000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1423274627.0000000008306000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8306000
|
| Size: |
40960
|
|
|
5601000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2541734942.0000000005601000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5601000
|
| Size: |
16384
|
|
|
3652000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471604667.0000000003652000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3652000
|
| Size: |
4096
|
|
|
5108000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2541315396.0000000005108000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5108000
|
| Size: |
4096
|
|
|
75D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1314036963.00000000075D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
75D0000
|
| Size: |
28672
|
|
|
30C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543187749.00000000030C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30C0000
|
| Size: |
4096
|
|
|
470000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000000.1267640958.0000000000470000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
470000
|
| Size: |
4096
|
|
|
566C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2543022224.000000000566C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
566C000
|
| Size: |
16384
|
|
|
34A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000034A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34A2000
|
| Size: |
8192
|
|
|
745E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572279928.000000000745E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
745E000
|
| Size: |
8192
|
|
|
1470000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311265635.0000000001470000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1470000
|
| Size: |
4096
|
|
|
1E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324899941.00000000001E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1E0000
|
| Size: |
4096
|
|
|
3599000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1268316285.0000000003599000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3599000
|
| Size: |
790528
|
|
|
30BD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1543167453.00000000030BD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
30BD000
|
| Size: |
4096
|
|
|
57DD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1560508822.00000000057DD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57DD000
|
| Size: |
16384
|
|
|
5B4B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561488184.0000000005B4B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B4B000
|
| Size: |
20480
|
|
|
FDB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1286901576.0000000000FDB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FDB000
|
| Size: |
20480
|
|
|
36FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471987321.00000000036FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36FC000
|
| Size: |
36864
|
|
|
BFB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1417550782.0000000000BFB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BFB000
|
| Size: |
151552
|
|
|
143C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311126517.000000000143C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
143C000
|
| Size: |
16384
|
|
|
1755000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542339859.0000000001755000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1755000
|
| Size: |
69632
|
|
|
3A80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1296647933.0000000003A80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3A80000
|
| Size: |
741376
|
|
|
683B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570253583.000000000683B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
683B000
|
| Size: |
77824
|
|
|
4413000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004413000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4413000
|
| Size: |
8192
|
|
|
435D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1309505406.000000000435D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
435D000
|
| Size: |
458752
|
|
|
3480000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1421621521.0000000003480000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3480000
|
| Size: |
741376
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
24762467000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393218633.0000024762467000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24762467000
|
| Size: |
167936
|
|
|
57BB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1560508822.00000000057BB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57BB000
|
| Size: |
61440
|
|
|
67D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569729230.00000000067D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67D0000
|
| Size: |
20480
|
|
|
30A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543050739.00000000030A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30A0000
|
| Size: |
12288
|
|
|
43DE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000043DE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43DE000
|
| Size: |
4096
|
|
|
440A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000440A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
440A000
|
| Size: |
8192
|
|
|
1310000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2530263238.0000000001310000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1310000
|
| Size: |
28672
|
|
|
5C46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C46000
|
| Size: |
45056
|
|
|
380D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1414617674.000000000380D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
380D000
|
| Size: |
458752
|
|
|
38CD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1415874579.00000000038CD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
38CD000
|
| Size: |
458752
|
|
|
5803000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1473052341.0000000005803000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5803000
|
| Size: |
4096
|
|
|
8580000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421214590.0000000008580000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8580000
|
| Size: |
65536
|
|
|
7A7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329863976.0000000007A7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7A7E000
|
| Size: |
8192
|
|
|
4E2B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E2B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E2B000
|
| Size: |
53248
|
|
|
771C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572473728.000000000771C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
771C000
|
| Size: |
81920
|
|
|
3A1F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003A1F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A1F000
|
| Size: |
290816
|
|
|
4BD0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1327479086.0000000004BD0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4BD0000
|
| Size: |
4096
|
|
|
1610000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532044537.0000000001610000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1610000
|
| Size: |
45056
|
|
|
5EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1563269821.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5EE0000
|
| Size: |
65536
|
|
|
4172000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2538653667.0000000004172000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4172000
|
| Size: |
73728
|
|
|
8206000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475875526.0000000008206000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8206000
|
| Size: |
4096
|
|
|
3C78000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003C78000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C78000
|
| Size: |
8192
|
|
|
14C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542275648.00000000014C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C0000
|
| Size: |
16384
|
|
|
17AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1310083367.00000000017AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17AF000
|
| Size: |
262144
|
|
|
45B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000045B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45B4000
|
| Size: |
8192
|
|
|
14C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542275648.00000000014C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C5000
|
| Size: |
16384
|
|
|
700E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2548380810.000000000700E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
700E000
|
| Size: |
8192
|
|
|
32A000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1419030692.000000000032A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32A000
|
| Size: |
24576
|
|
|
18F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543028733.00000000018F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18F0000
|
| Size: |
16384
|
|
|
3600000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1415582555.0000000003600000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3600000
|
| Size: |
1187840
|
|
|
67C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569660796.00000000067C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67C1000
|
| Size: |
8192
|
|
|
36E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000036E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36E8000
|
| Size: |
4096
|
|
|
8320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1423142127.0000000008320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8320000
|
| Size: |
65536
|
|
|
F01CAFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1392905397.000000F01CAFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F01CAFE000
|
| Size: |
8192
|
|
|
6C28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2547058335.0000000006C28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C28000
|
| Size: |
32768
|
|
|
362A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471455332.000000000362A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
362A000
|
| Size: |
8192
|
|
|
30B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543139997.00000000030B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30B0000
|
| Size: |
45056
|
|
|
359D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000359D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
359D000
|
| Size: |
8192
|
|
|
24762438000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393218633.0000024762438000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24762438000
|
| Size: |
159744
|
|
|
85B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1420969220.00000000085B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
85B0000
|
| Size: |
28672
|
|
|
CEF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1417509075.0000000000CEF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CEF000
|
| Size: |
65536
|
|
|
487A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000487A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
487A000
|
| Size: |
4096
|
|
|
3B8D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003B8D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B8D000
|
| Size: |
4096
|
|
|
10BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1295060887.00000000010BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10BD000
|
| Size: |
147456
|
|
|
435D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1308880734.000000000435D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
435D000
|
| Size: |
458752
|
|
|
168B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311474280.000000000168B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
168B000
|
| Size: |
53248
|
|
|
4E5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E5A000
|
| Size: |
4096
|
|
|
51B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472576699.00000000051B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51B0000
|
| Size: |
4096
|
|
|
6C8D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2547682982.0000000006C8D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C8D000
|
| Size: |
12288
|
|
|
7729000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312762611.0000000007729000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7729000
|
| Size: |
28672
|
|
|
43AE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000043AE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43AE000
|
| Size: |
4096
|
|
|
43D4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000043D4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D4000
|
| Size: |
4096
|
|
|
1197000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542098191.0000000001197000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1197000
|
| Size: |
36864
|
|
|
43E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326686744.00000000043E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43E0000
|
| Size: |
8192
|
|
|
35A7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000035A7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35A7000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
51A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472236645.00000000051A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51A0000
|
| Size: |
4096
|
|
|
84F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325754538.000000000084F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
84F000
|
| Size: |
16384
|
|
|
8F2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326328274.00000000008F2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F2000
|
| Size: |
12288
|
|
|
2F00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532523936.0000000002F00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F00000
|
| Size: |
4096
|
|
|
8ED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326257470.00000000008ED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8ED000
|
| Size: |
8192
|
|
|
72E5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571485108.00000000072E5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72E5000
|
| Size: |
12288
|
|
|
3171000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003171000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3171000
|
| Size: |
4096
|
|
|
7280000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571303102.0000000007280000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7280000
|
| Size: |
8192
|
|
|
74E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313514823.00000000074E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
74E0000
|
| Size: |
65536
|
|
|
7570000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1314389408.0000000007570000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7570000
|
| Size: |
65536
|
|
|
2020000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311912991.0000000002020000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2020000
|
| Size: |
8192
|
|
|
44FE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000044FE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44FE000
|
| Size: |
8192
|
|
|
3D91000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003D91000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D91000
|
| Size: |
12288
|
|
|
7430000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1311521434.0000000007430000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7430000
|
| Size: |
40960
|
|
|
F01CDFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1392955155.000000F01CDFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F01CDFF000
|
| Size: |
4096
|
|
|
3350000
|
heap
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.1471168768.0000000003350000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
3350000
|
| Size: |
4096
|
|
|
80E0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1475537304.00000000080E0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
80E0000
|
| Size: |
4096
|
|
|
8214000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475875526.0000000008214000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8214000
|
| Size: |
8192
|
|
|
8200000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1419388542.0000000008200000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8200000
|
| Size: |
16384
|
|
|
5C5C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C5C000
|
| Size: |
4096
|
|
|
451A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000451A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
451A000
|
| Size: |
8192
|
|
|
4359000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1308880734.0000000004359000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4359000
|
| Size: |
4096
|
|
|
8330000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1424922289.0000000008330000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8330000
|
| Size: |
65536
|
|
|
3FD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1306986883.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FD0000
|
| Size: |
1187840
|
|
|
6858000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570377652.0000000006858000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6858000
|
| Size: |
8192
|
|
|
387E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1414617674.000000000387E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
387E000
|
| Size: |
24576
|
|
|
7540000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1314520137.0000000007540000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7540000
|
| Size: |
65536
|
|
|
4416000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004416000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4416000
|
| Size: |
4096
|
|
|
5C60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C60000
|
| Size: |
32768
|
|
|
3B54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003B54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B54000
|
| Size: |
32768
|
|
|
912000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326449198.0000000000912000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
912000
|
| Size: |
262144
|
|
|
5C1C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C1C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C1C000
|
| Size: |
4096
|
|
|
160D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2532004689.000000000160D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
160D000
|
| Size: |
4096
|
|
|
36E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471866692.00000000036E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36E4000
|
| Size: |
12288
|
|
|
877E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476836321.000000000877E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
877E000
|
| Size: |
8192
|
|
|
6F4C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2548244717.0000000006F4C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F4C000
|
| Size: |
16384
|
|
|
3BF3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1281915305.0000000003BF3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3BF3000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
5C39000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C39000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C39000
|
| Size: |
4096
|
|
|
1098000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1295060887.0000000001098000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1098000
|
| Size: |
118784
|
|
|
3663000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1413361180.0000000003663000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3663000
|
| Size: |
507904
|
|
|
793E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329806610.000000000793E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
793E000
|
| Size: |
8192
|
|
|
665D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545418624.000000000665D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
665D000
|
| Size: |
12288
|
|
|
4578000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004578000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4578000
|
| Size: |
4096
|
|
|
169A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1286872535.000000000169A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
169A000
|
| Size: |
118784
|
|
|
3AA1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AA1000
|
| Size: |
8192
|
|
|
45F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000045F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45F2000
|
| Size: |
8192
|
|
|
3360000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1543756865.0000000003360000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
3360000
|
| Size: |
4096
|
|
|
4A07000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1327150159.0000000004A07000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A07000
|
| Size: |
4096
|
|
|
384F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000384F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
384F000
|
| Size: |
36864
|
|
|
471000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000001.00000000.1267656809.0000000000471000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
471000
|
| Size: |
581632
|
|
|
36E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471920001.00000000036E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36E8000
|
| Size: |
45056
|
|
|
326D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.000000000326D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
326D000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
724E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570895439.000000000724E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
724E000
|
| Size: |
8192
|
|
|
161E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311383558.000000000161E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
161E000
|
| Size: |
8192
|
|
|
7750000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572737808.0000000007750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7750000
|
| Size: |
20480
|
|
|
8390000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1424315238.0000000008390000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8390000
|
| Size: |
65536
|
|
|
77C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312312429.00000000077C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
77C0000
|
| Size: |
4096
|
|
|
67EB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569925377.00000000067EB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67EB000
|
| Size: |
36864
|
|
|
3624000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003624000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3624000
|
| Size: |
24576
|
|
|
38A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000038A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38A2000
|
| Size: |
4096
|
|
|
7250000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2548540271.0000000007250000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7250000
|
| Size: |
65536
|
|
|
20E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000000.1284406463.000000000020E000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
20E000
|
| Size: |
8192
|
|
|
11C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1268994760.00000000011C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C6000
|
| Size: |
57344
|
|
|
6802000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569998068.0000000006802000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6802000
|
| Size: |
4096
|
|
|
8559000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421390123.0000000008559000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8559000
|
| Size: |
28672
|
|
|
749E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572308559.000000000749E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
749E000
|
| Size: |
8192
|
|
|
83C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1422020241.00000000083C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83C0000
|
| Size: |
65536
|
|
|
84FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476734951.00000000084FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
84FF000
|
| Size: |
4096
|
|
|
524000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.1285648319.0000000000524000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
524000
|
| Size: |
40960
|
|
|
6C30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2547213562.0000000006C30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C30000
|
| Size: |
40960
|
|
|
448A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000448A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
448A000
|
| Size: |
8192
|
|
|
6804000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570025627.0000000006804000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6804000
|
| Size: |
8192
|
|
|
40F3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1305186468.00000000040F3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40F3000
|
| Size: |
507904
|
|
|
5830000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2544003465.0000000005830000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5830000
|
| Size: |
4096
|
|
|
41B3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1309231352.00000000041B3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41B3000
|
| Size: |
507904
|
|
|
5C0E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C0E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C0E000
|
| Size: |
53248
|
|
|
4827000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004827000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4827000
|
| Size: |
8192
|
|
|
141B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311126517.000000000141B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
141B000
|
| Size: |
20480
|
|
|
1630000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532270261.0000000001630000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1630000
|
| Size: |
4096
|
|
|
4170000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1306083165.0000000004170000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4170000
|
| Size: |
1196032
|
|
|
AAE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1477046296.000000000AAE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AAE0000
|
| Size: |
4096
|
|
|
4501000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326877150.0000000004501000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4501000
|
| Size: |
4096
|
|
|
8351000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1422911082.0000000008351000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8351000
|
| Size: |
61440
|
|
|
12F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2530044360.00000000012F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12F0000
|
| Size: |
16384
|
|
|
7787000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572922657.0000000007787000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7787000
|
| Size: |
20480
|
|
|
327A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543637411.000000000327A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
327A000
|
| Size: |
8192
|
|
|
4E58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E58000
|
| Size: |
4096
|
|
|
74D6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313544333.00000000074D6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
74D6000
|
| Size: |
40960
|
|
|
7580000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1314354310.0000000007580000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7580000
|
| Size: |
20480
|
|
|
4BC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1327451552.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BC0000
|
| Size: |
57344
|
|
|
5890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561121313.0000000005890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5890000
|
| Size: |
4096
|
|
|
8891000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1426714481.0000000008891000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8891000
|
| Size: |
61440
|
|
|
3C3F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003C3F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C3F000
|
| Size: |
65536
|
|
|
4575000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004575000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4575000
|
| Size: |
8192
|
|
|
43D9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000043D9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D9000
|
| Size: |
4096
|
|
|
16B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311606652.00000000016B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16B8000
|
| Size: |
593920
|
|
|
74F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313882127.00000000074F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
74F0000
|
| Size: |
8192
|
|
|
10E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1284879627.00000000010E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10E7000
|
| Size: |
544768
|
|
|
177A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1310268205.000000000177A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
177A000
|
| Size: |
184320
|
|
|
6C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2547001794.0000000006C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C1E000
|
| Size: |
8192
|
|
|
FE7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1322993257.0000000000FE7000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
FE7000
|
| Size: |
57344
|
|
|
36B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1296496456.00000000036B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36B0000
|
| Size: |
4096
|
|
|
1400000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542119210.0000000001400000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1400000
|
| Size: |
4096
|
|
|
F01D0FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393007872.000000F01D0FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F01D0FE000
|
| Size: |
8192
|
|
|
472C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000472C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
472C000
|
| Size: |
4096
|
|
|
FF6000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1322993257.0000000000FF6000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
FF6000
|
| Size: |
36864
|
|
|
5960000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561316273.0000000005960000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5960000
|
| Size: |
4096
|
|
|
4858000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004858000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4858000
|
| Size: |
4096
|
|
|
3FB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB2000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
144B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2531424303.000000000144B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
144B000
|
| Size: |
20480
|
|
|
4479000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004479000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4479000
|
| Size: |
16384
|
|
|
4129000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2538653667.0000000004129000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4129000
|
| Size: |
204800
|
|
|
714C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2548450460.000000000714C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
714C000
|
| Size: |
16384
|
|
|
5F00000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1563431553.0000000005F00000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5F00000
|
| Size: |
65536
|
|
|
47F9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000047F9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47F9000
|
| Size: |
8192
|
|
|
76FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572473728.00000000076FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76FC000
|
| Size: |
16384
|
|
|
4101000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2538653667.0000000004101000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4101000
|
| Size: |
36864
|
|
|
36B1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471696167.00000000036B1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36B1000
|
| Size: |
12288
|
|
|
1CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324818675.00000000001CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1CE000
|
| Size: |
8192
|
|
|
5B3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2544147314.0000000005B3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5B3E000
|
| Size: |
8192
|
|
|
161D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2532096669.000000000161D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
161D000
|
| Size: |
4096
|
|
|
59EC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1473792919.00000000059EC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59EC000
|
| Size: |
16384
|
|
|
36B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1426884508.00000000036B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36B2000
|
| Size: |
32768
|
|
|
36CD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1285412782.00000000036CD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36CD000
|
| Size: |
790528
|
|
|
36F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000036F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36F1000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
86C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325986244.000000000086C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
86C000
|
| Size: |
307200
|
|
|
3402000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471371344.0000000003402000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3402000
|
| Size: |
20480
|
|
|
5ECB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1562602636.0000000005ECB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5ECB000
|
| Size: |
8192
|
|
|
82B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325532052.000000000082B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
82B000
|
| Size: |
4096
|
|
|
4E46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E46000
|
| Size: |
45056
|
|
|
47DD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000047DD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47DD000
|
| Size: |
4096
|
|
|
10E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1269075207.00000000010E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10E9000
|
| Size: |
536576
|
|
|
40F3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1305811831.00000000040F3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40F3000
|
| Size: |
507904
|
|
|
8E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326188855.00000000008E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8E9000
|
| Size: |
4096
|
|
|
73DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571983972.00000000073DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
73DE000
|
| Size: |
8192
|
|
|
B0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1420553136.0000000000B0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0E000
|
| Size: |
8192
|
|
|
72A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571356803.00000000072A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72A0000
|
| Size: |
4096
|
|
|
76DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572473728.00000000076DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76DB000
|
| Size: |
90112
|
|
|
16C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1285742713.00000000016C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16C5000
|
| Size: |
131072
|
|
|
6D8C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2547966283.0000000006D8C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D8C000
|
| Size: |
16384
|
|
|
4563000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004563000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4563000
|
| Size: |
8192
|
|
|
4536000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004536000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4536000
|
| Size: |
4096
|
|
|
7400000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1572198349.0000000007400000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7400000
|
| Size: |
65536
|
|
|
7314000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571769401.0000000007314000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7314000
|
| Size: |
36864
|
|
|
38B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000038B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38B7000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329887433.0000000007ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7ABE000
|
| Size: |
8192
|
|
|
8EB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326222182.00000000008EB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8EB000
|
| Size: |
4096
|
|
|
55EB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2541734942.00000000055EB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55EB000
|
| Size: |
8192
|
|
|
57E2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1560508822.00000000057E2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57E2000
|
| Size: |
49152
|
|
|
3D86000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003D86000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D86000
|
| Size: |
4096
|
|
|
4863000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004863000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4863000
|
| Size: |
12288
|
|
|
217000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000E.00000000.1392518918.0000000000217000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
217000
|
| Size: |
860160
|
|
|
884000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1310754064.0000000000884000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
884000
|
| Size: |
24576
|
|
|
7780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312445856.0000000007780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7780000
|
| Size: |
28672
|
|
|
8402000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1330104775.0000000008402000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8402000
|
| Size: |
12288
|
|
|
4212000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2538653667.0000000004212000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4212000
|
| Size: |
98304
|
|
|
45FC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000045FC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45FC000
|
| Size: |
8192
|
|
|
5EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1562602636.0000000005EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5EC0000
|
| Size: |
4096
|
|
|
4568000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004568000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4568000
|
| Size: |
8192
|
|
|
1635000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2532330541.0000000001635000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1635000
|
| Size: |
4096
|
|
|
4A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327232003.0000000004A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A20000
|
| Size: |
4096
|
|
|
3649000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1416980700.0000000003649000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3649000
|
| Size: |
20480
|
|
|
77D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312278109.00000000077D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
77D0000
|
| Size: |
65536
|
|
|
34ED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000034ED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34ED000
|
| Size: |
4096
|
|
|
39B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000039B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39B6000
|
| Size: |
8192
|
|
|
11AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1274680057.00000000011AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11AA000
|
| Size: |
24576
|
|
|
4E52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E52000
|
| Size: |
4096
|
|
|
4431000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004431000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4431000
|
| Size: |
16384
|
|
|
38C9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1415874579.00000000038C9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
38C9000
|
| Size: |
4096
|
|
|
88A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1426769011.00000000088A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
88A0000
|
| Size: |
24576
|
|
|
43F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326739434.00000000043F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43F0000
|
| Size: |
4096
|
|
|
8540000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421517360.0000000008540000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8540000
|
| Size: |
53248
|
|
|
88A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1426837311.00000000088A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
88A0000
|
| Size: |
8192
|
|
|
371C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000371C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
371C000
|
| Size: |
290816
|
|
|
75C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1314071986.00000000075C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
75C0000
|
| Size: |
65536
|
|
|
39F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000039F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39F0000
|
| Size: |
184320
|
|
|
4A00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327105630.0000000004A00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
40F3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1306986883.00000000040F3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40F3000
|
| Size: |
507904
|
|
|
4D01000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1327630857.0000000004D01000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4D01000
|
| Size: |
20480
|
|
|
3AB3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AB3000
|
| Size: |
8192
|
|
|
5963000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561316273.0000000005963000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5963000
|
| Size: |
8192
|
|
|
36D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1426516086.00000000036D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36D1000
|
| Size: |
32768
|
|
|
16B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1298443768.00000000016B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16B8000
|
| Size: |
593920
|
|
|
689E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545598985.000000000689E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
689E000
|
| Size: |
8192
|
|
|
5A3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561433984.0000000005A3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A3E000
|
| Size: |
8192
|
|
|
13BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2530263238.00000000013BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13BB000
|
| Size: |
143360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
37C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000037C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37C1000
|
| Size: |
8192
|
|
|
4BBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327391191.0000000004BBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BBE000
|
| Size: |
8192
|
|
|
3D29000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003D29000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D29000
|
| Size: |
36864
|
|
|
4395000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004395000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4395000
|
| Size: |
4096
|
|
|
677A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569095480.000000000677A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
677A000
|
| Size: |
4096
|
|
|
5DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2544616417.0000000005DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5DE0000
|
| Size: |
4096
|
|
|
3C9B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003C9B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C9B000
|
| Size: |
8192
|
|
|
5C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2544433145.0000000005C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C7E000
|
| Size: |
8192
|
|
|
4230000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1308880734.0000000004230000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4230000
|
| Size: |
1196032
|
|
|
217000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000E.00000002.1418418677.0000000000217000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
217000
|
| Size: |
860160
|
|
|
773E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572737808.000000000773E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
773E000
|
| Size: |
16384
|
|
|
821E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475875526.000000000821E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
821E000
|
| Size: |
4096
|
|
|
8340000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1424782445.0000000008340000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8340000
|
| Size: |
65536
|
|
|
38FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472103481.00000000038FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38FE000
|
| Size: |
8192
|
|
|
F01CBFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1392927434.000000F01CBFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F01CBFF000
|
| Size: |
4096
|
|
|
7710000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312811226.0000000007710000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7710000
|
| Size: |
53248
|
|
|
7F1F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2555321825.000000007F1F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7F1F0000
|
| Size: |
4096
|
|
|
7EF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1573534312.0000000007EF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF6000
|
| Size: |
8192
|
|
|
7530000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1314581171.0000000007530000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7530000
|
| Size: |
65536
|
|
|
7590000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313136443.0000000007590000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7590000
|
| Size: |
65536
|
|
|
34A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000034A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34A6000
|
| Size: |
20480
|
|
|
3265000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003265000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3265000
|
| Size: |
4096
|
|
|
5B80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1562009348.0000000005B80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B80000
|
| Size: |
36864
|
|
|
699B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545868207.000000000699B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
699B000
|
| Size: |
8192
|
|
|
443E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000443E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
443E000
|
| Size: |
8192
|
|
|
3D48000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003D48000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D48000
|
| Size: |
16384
|
|
|
83B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1424161162.00000000083B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83B0000
|
| Size: |
20480
|
|
|
583B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1473471833.000000000583B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
583B000
|
| Size: |
4096
|
|
|
72FA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571485108.00000000072FA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72FA000
|
| Size: |
8192
|
|
|
57DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2543872278.00000000057DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57DE000
|
| Size: |
8192
|
|
|
5C3D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C3D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C3D000
|
| Size: |
12288
|
|
|
3600000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1414993520.0000000003600000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3600000
|
| Size: |
1187840
|
|
|
36C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311943499.00000000036C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
36C0000
|
| Size: |
741376
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
88A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1426646328.00000000088A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
88A0000
|
| Size: |
4096
|
|
|
43D4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326635833.00000000043D4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D4000
|
| Size: |
4096
|
|
|
3FAA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003FAA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FAA000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1562761609.0000000005ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5ED0000
|
| Size: |
65536
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
290816
|
|
|
843000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325754538.0000000000843000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
843000
|
| Size: |
45056
|
|
|
7780000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572893888.0000000007780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7780000
|
| Size: |
12288
|
|
|
1470000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542184984.0000000001470000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1470000
|
| Size: |
16384
|
|
|
1683000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1286352433.0000000001683000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1683000
|
| Size: |
811008
|
|
|
3261000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003261000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3261000
|
| Size: |
4096
|
|
|
4566000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004566000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4566000
|
| Size: |
4096
|
|
|
560D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2541734942.000000000560D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
560D000
|
| Size: |
16384
|
|
|
59BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561377544.00000000059BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59BE000
|
| Size: |
8192
|
|
|
900000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326412137.0000000000900000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
900000
|
| Size: |
20480
|
|
|
67C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569660796.00000000067C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67C4000
|
| Size: |
16384
|
|
|
16B9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1286231608.00000000016B9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16B9000
|
| Size: |
49152
|
|
|
481A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000481A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
481A000
|
| Size: |
16384
|
|
|
43D3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1326609978.00000000043D3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43D3000
|
| Size: |
4096
|
|
|
820E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475875526.000000000820E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
820E000
|
| Size: |
12288
|
|
|
81D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2553837290.00000000081D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
81D0000
|
| Size: |
4096
|
|
|
35AD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000035AD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35AD000
|
| Size: |
139264
|
|
|
3A79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003A79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A79000
|
| Size: |
4096
|
|
|
75B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1314138494.00000000075B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
75B0000
|
| Size: |
65536
|
|
|
7580000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313190502.0000000007580000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7580000
|
| Size: |
65536
|
|
|
6ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2546891506.0000000006ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6ADE000
|
| Size: |
8192
|
|
|
45A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000045A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45A0000
|
| Size: |
8192
|
|
|
24762493000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393218633.0000024762493000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24762493000
|
| Size: |
364544
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
83B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1422105642.00000000083B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83B0000
|
| Size: |
65536
|
|
|
80F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475555735.00000000080F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80F0000
|
| Size: |
65536
|
|
|
7C8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1573061378.0000000007C8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C8E000
|
| Size: |
8192
|
|
|
3229000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003229000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3229000
|
| Size: |
16384
|
|
|
1590000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311328860.0000000001590000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1590000
|
| Size: |
4096
|
|
|
7760000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572737808.0000000007760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7760000
|
| Size: |
8192
|
|
|
357E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000357E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
357E000
|
| Size: |
36864
|
|
|
8D9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326092441.00000000008D9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8D9000
|
| Size: |
12288
|
|
|
319A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.000000000319A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
319A000
|
| Size: |
520192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
F01D4FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393107488.000000F01D4FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F01D4FB000
|
| Size: |
20480
|
|
|
F01D3FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393078242.000000F01D3FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F01D3FF000
|
| Size: |
4096
|
|
|
4464000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004464000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4464000
|
| Size: |
8192
|
|
|
5CAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005CAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5CAB000
|
| Size: |
40960
|
|
|
6DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2548103180.0000000006DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DA0000
|
| Size: |
20480
|
|
|
546B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1560476723.000000000546B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
546B000
|
| Size: |
20480
|
|
|
43F7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1326789616.00000000043F7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43F7000
|
| Size: |
4096
|
|
|
460A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000460A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
460A000
|
| Size: |
8192
|
|
|
C29000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1393483919.0000000000C29000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C29000
|
| Size: |
49152
|
|
|
39BD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000039BD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39BD000
|
| Size: |
8192
|
|
|
5606000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2541734942.0000000005606000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5606000
|
| Size: |
16384
|
|
|
7260000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571190360.0000000007260000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7260000
|
| Size: |
4096
|
|
|
380D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1414069415.000000000380D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
380D000
|
| Size: |
458752
|
|
|
18AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542959775.00000000018AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
18AF000
|
| Size: |
4096
|
|
|
8320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1423627217.0000000008320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8320000
|
| Size: |
8192
|
|
|
7521000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313417849.0000000007521000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7521000
|
| Size: |
61440
|
|
|
362D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471512804.000000000362D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
362D000
|
| Size: |
24576
|
|
|
37D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000037D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37D8000
|
| Size: |
180224
|
|
|
10E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1296234919.00000000010E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10E9000
|
| Size: |
536576
|
|
|
17AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311805363.00000000017AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17AD000
|
| Size: |
8192
|
|
|
BFB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1420860335.0000000000BFB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BFB000
|
| Size: |
151552
|
|
|
362D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000362D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
362D000
|
| Size: |
8192
|
|
|
3600000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1416510944.0000000003600000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3600000
|
| Size: |
1187840
|
|
|
16E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542339859.00000000016E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16E4000
|
| Size: |
36864
|
|
|
CFF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1407138948.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CFF000
|
| Size: |
262144
|
|
|
4543000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004543000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4543000
|
| Size: |
8192
|
|
|
43DD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1326659455.00000000043DD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43DD000
|
| Size: |
4096
|
|
|
4602000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004602000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4602000
|
| Size: |
4096
|
|
|
174A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311688686.000000000174A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
174A000
|
| Size: |
61440
|
|
|
5C2B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C2B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C2B000
|
| Size: |
53248
|
|
|
103A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311099950.000000000103A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
103A000
|
| Size: |
24576
|
|
|
5B71000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561488184.0000000005B71000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B71000
|
| Size: |
32768
|
|
|
4834000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004834000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4834000
|
| Size: |
8192
|
|
|
6ADB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570717575.0000000006ADB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6ADB000
|
| Size: |
8192
|
|
|
399E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000399E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
399E000
|
| Size: |
4096
|
|
|
41F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2538653667.00000000041F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
41F2000
|
| Size: |
98304
|
|
|
145E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542162285.000000000145E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
145E000
|
| Size: |
8192
|
|
|
75F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312874388.00000000075F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
75F0000
|
| Size: |
65536
|
|
|
CC9000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1421342632.0000000000CC9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CC9000
|
| Size: |
118784
|
|
|
3786000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003786000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3786000
|
| Size: |
4096
|
|
|
3651000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1416980700.0000000003651000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3651000
|
| Size: |
4096
|
|
|
3983000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003983000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3983000
|
| Size: |
40960
|
|
|
39D4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000039D4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39D4000
|
| Size: |
8192
|
|
|
7C90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1573094059.0000000007C90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7C90000
|
| Size: |
28672
|
|
|
8226000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475875526.0000000008226000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8226000
|
| Size: |
4096
|
|
|
3663000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1413887434.0000000003663000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3663000
|
| Size: |
507904
|
|
|
3FC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003FC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FC6000
|
| Size: |
479232
|
|
|
3A86000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1276241148.0000000003A86000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A86000
|
| Size: |
790528
|
|
|
682C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570205340.000000000682C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
682C000
|
| Size: |
57344
|
|
|
35A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000035A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35A2000
|
| Size: |
8192
|
|
|
45BF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000045BF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45BF000
|
| Size: |
8192
|
|
|
73C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329413645.00000000073C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
73C0000
|
| Size: |
65536
|
|
|
3730000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1296581456.0000000003730000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3730000
|
| Size: |
8192
|
|
|
6B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2546927825.0000000006B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B1E000
|
| Size: |
8192
|
|
|
4E5C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E5C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E5C000
|
| Size: |
4096
|
|
|
403C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000403C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
403C000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312162532.0000000007800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7800000
|
| Size: |
28672
|
|
|
4497000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004497000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4497000
|
| Size: |
4096
|
|
|
486D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000486D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
486D000
|
| Size: |
4096
|
|
|
43E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326708670.00000000043E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43E4000
|
| Size: |
24576
|
|
|
85F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1420737268.00000000085F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
85F0000
|
| Size: |
4096
|
|
|
8332000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476537023.0000000008332000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8332000
|
| Size: |
4096
|
|
|
68FB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545868207.00000000068FB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68FB000
|
| Size: |
12288
|
|
|
39C8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000039C8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39C8000
|
| Size: |
8192
|
|
|
430E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1306083165.000000000430E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
430E000
|
| Size: |
24576
|
|
|
6856000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570347521.0000000006856000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6856000
|
| Size: |
4096
|
|
|
43C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326559379.00000000043C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43C0000
|
| Size: |
8192
|
|
|
2B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326510836.0000000002B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B1E000
|
| Size: |
8192
|
|
|
36CB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1426321015.00000000036CB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36CB000
|
| Size: |
12288
|
|
|
30F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532984574.00000000030F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30F0000
|
| Size: |
4096
|
|
|
7F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1573608688.0000000007F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7F3E000
|
| Size: |
8192
|
|
|
4230000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1308333906.0000000004230000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4230000
|
| Size: |
1196032
|
|
|
4FF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.1285648319.00000000004FF000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4FF000
|
| Size: |
147456
|
|
|
5C54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C54000
|
| Size: |
4096
|
|
|
318E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.000000000318E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
318E000
|
| Size: |
36864
|
|
|
3371000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003371000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3371000
|
| Size: |
483328
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3ABA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003ABA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3ABA000
|
| Size: |
8192
|
|
|
36BF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000036BF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36BF000
|
| Size: |
36864
|
|
|
30E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532912514.00000000030E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30E0000
|
| Size: |
65536
|
|
|
3A87000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003A87000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A87000
|
| Size: |
16384
|
|
|
8310000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1423209862.0000000008310000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8310000
|
| Size: |
65536
|
|
|
67D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569760640.00000000067D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67D6000
|
| Size: |
32768
|
|
|
8500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1423765186.0000000008500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8500000
|
| Size: |
28672
|
|
|
5800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1473025086.0000000005800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5800000
|
| Size: |
8192
|
|
|
103E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1287100102.000000000103E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
103E000
|
| Size: |
8192
|
|
|
63FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2544923794.00000000063FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
63FB000
|
| Size: |
20480
|
|
|
44AE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000044AE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44AE000
|
| Size: |
8192
|
|
|
55EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2541734942.00000000055EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55EE000
|
| Size: |
12288
|
|
|
541F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472868252.000000000541F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
541F000
|
| Size: |
4096
|
|
|
3FBC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003FBC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FBC000
|
| Size: |
12288
|
|
|
7550000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1314483189.0000000007550000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7550000
|
| Size: |
65536
|
|
|
7DEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1573434420.0000000007DEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7DEE000
|
| Size: |
8192
|
|
|
7700000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312840251.0000000007700000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7700000
|
| Size: |
65536
|
|
|
72E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571485108.00000000072E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72E0000
|
| Size: |
4096
|
|
|
A800000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1477018200.000000000A800000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A800000
|
| Size: |
4096
|
|
|
1640000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532410769.0000000001640000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1640000
|
| Size: |
20480
|
|
|
34EF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000034EF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34EF000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5C3B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C3B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C3B000
|
| Size: |
4096
|
|
|
169A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1298443768.000000000169A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
169A000
|
| Size: |
118784
|
|
|
1620000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532133114.0000000001620000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1620000
|
| Size: |
4096
|
|
|
602000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325438229.0000000000602000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
602000
|
| Size: |
24576
|
|
|
5820000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561006195.0000000005820000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5820000
|
| Size: |
65536
|
|
|
6760000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569095480.0000000006760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6760000
|
| Size: |
57344
|
|
|
7560000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313258600.0000000007560000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7560000
|
| Size: |
65536
|
|
|
685D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570404396.000000000685D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
685D000
|
| Size: |
8192
|
|
|
4E20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E20000
|
| Size: |
4096
|
|
|
4B7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327369902.0000000004B7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B7E000
|
| Size: |
8192
|
|
|
8370000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1422673907.0000000008370000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8370000
|
| Size: |
65536
|
|
|
386E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000386E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
386E000
|
| Size: |
16384
|
|
|
30C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532756463.00000000030C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30C0000
|
| Size: |
65536
|
|
|
6460000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545231366.0000000006460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6460000
|
| Size: |
20480
|
|
|
710E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2548415308.000000000710E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
710E000
|
| Size: |
8192
|
|
|
24762430000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393218633.0000024762430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24762430000
|
| Size: |
28672
|
|
|
3D33000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003D33000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D33000
|
| Size: |
24576
|
|
|
151000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000E.00000002.1418065863.0000000000151000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
151000
|
| Size: |
581632
|
|
|
4045000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000004045000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4045000
|
| Size: |
16384
|
|
|
368C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1418043935.000000000368C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
368C000
|
| Size: |
45056
|
|
|
4873000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004873000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4873000
|
| Size: |
12288
|
|
|
5C52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C52000
|
| Size: |
4096
|
|
|
34E5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000034E5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34E5000
|
| Size: |
4096
|
|
|
5301000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472786030.0000000005301000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5301000
|
| Size: |
4096
|
|
|
68A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545680715.00000000068A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68A0000
|
| Size: |
77824
|
|
|
38CD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1415157835.00000000038CD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
38CD000
|
| Size: |
458752
|
|
|
6825000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570149106.0000000006825000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6825000
|
| Size: |
24576
|
|
|
7D9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475512810.0000000007D9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D9D000
|
| Size: |
12288
|
|
|
77F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312212935.00000000077F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
77F0000
|
| Size: |
65536
|
|
|
5822000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1473244283.0000000005822000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5822000
|
| Size: |
4096
|
|
|
783E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329781407.000000000783E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
783E000
|
| Size: |
8192
|
|
|
4042000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000004042000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4042000
|
| Size: |
8192
|
|
|
5820000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1473220800.0000000005820000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5820000
|
| Size: |
4096
|
|
|
30AD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1543119689.00000000030AD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
30AD000
|
| Size: |
4096
|
|
|
3BAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003BAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BAB000
|
| Size: |
8192
|
|
|
C28000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1421151658.0000000000C28000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C28000
|
| Size: |
655360
|
|
|
5F10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1563560830.0000000005F10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5F10000
|
| Size: |
65536
|
|
|
64AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545362464.00000000064AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
64AD000
|
| Size: |
12288
|
|
|
399C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000399C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
399C000
|
| Size: |
4096
|
|
|
8570000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421279550.0000000008570000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8570000
|
| Size: |
65536
|
|
|
4252000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2538653667.0000000004252000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4252000
|
| Size: |
73728
|
|
|
4E22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E22000
|
| Size: |
4096
|
|
|
41B3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1308076888.00000000041B3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41B3000
|
| Size: |
507904
|
|
|
5EC5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1562602636.0000000005EC5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5EC5000
|
| Size: |
4096
|
|
|
581D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1473196204.000000000581D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
581D000
|
| Size: |
4096
|
|
|
366D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471696167.000000000366D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
366D000
|
| Size: |
266240
|
|
|
3890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3890000
|
| Size: |
4096
|
|
|
3C52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003C52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C52000
|
| Size: |
4096
|
|
|
204000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1284285173.0000000000204000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
204000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
4192000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2538653667.0000000004192000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4192000
|
| Size: |
73728
|
|
|
3A94000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003A94000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A94000
|
| Size: |
8192
|
|
|
7530000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313370689.0000000007530000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7530000
|
| Size: |
65536
|
|
|
5ECE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1562602636.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5ECE000
|
| Size: |
8192
|
|
|
CE6000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1421391247.0000000000CE6000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
CE6000
|
| Size: |
20480
|
|
|
5DBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2544515515.0000000005DBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5DBF000
|
| Size: |
4096
|
|
|
3270000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471088876.0000000003270000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
4096
|
|
|
5200000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472647511.0000000005200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5200000
|
| Size: |
24576
|
|
|
5C43000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C43000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C43000
|
| Size: |
4096
|
|
|
44CE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000044CE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44CE000
|
| Size: |
8192
|
|
|
83D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421975102.00000000083D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83D0000
|
| Size: |
65536
|
|
|
3723000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1414993520.0000000003723000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3723000
|
| Size: |
507904
|
|
|
731E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329125131.000000000731E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
731E000
|
| Size: |
8192
|
|
|
81E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2553837290.00000000081E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
81E0000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
379E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000379E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
379E000
|
| Size: |
4096
|
|
|
66F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1568124523.00000000066F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
66F0000
|
| Size: |
65536
|
|
|
57D1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1560508822.00000000057D1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57D1000
|
| Size: |
16384
|
|
|
3B80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003B80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B80000
|
| Size: |
4096
|
|
|
4605000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004605000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4605000
|
| Size: |
8192
|
|
|
4C01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327567973.0000000004C01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C01000
|
| Size: |
4096
|
|
|
580E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1560858334.000000000580E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
580E000
|
| Size: |
8192
|
|
|
8350000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1424742914.0000000008350000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8350000
|
| Size: |
65536
|
|
|
204000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.1310706039.0000000000204000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
204000
|
| Size: |
40960
|
|
|
4560000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004560000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4560000
|
| Size: |
4096
|
|
|
1767000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542877541.0000000001767000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1767000
|
| Size: |
151552
|
|
|
316E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.000000000316E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
316E000
|
| Size: |
8192
|
|
|
36CF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471842665.00000000036CF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36CF000
|
| Size: |
40960
|
|
|
376A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000376A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
376A000
|
| Size: |
12288
|
|
|
7BBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329916923.0000000007BBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7BBE000
|
| Size: |
8192
|
|
|
6999000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545868207.0000000006999000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6999000
|
| Size: |
4096
|
|
|
72F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571485108.00000000072F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72F8000
|
| Size: |
4096
|
|
|
57F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1560810603.00000000057F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57F0000
|
| Size: |
65536
|
|
|
3FD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1305811831.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FD0000
|
| Size: |
1187840
|
|
|
8890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476939746.0000000008890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8890000
|
| Size: |
4096
|
|
|
43A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000043A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43A1000
|
| Size: |
4096
|
|
|
1600000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2531886048.0000000001600000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1600000
|
| Size: |
8192
|
|
|
679D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545550521.000000000679D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
679D000
|
| Size: |
12288
|
|
|
3240000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471067104.0000000003240000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3240000
|
| Size: |
8192
|
|
|
3861000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003861000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3861000
|
| Size: |
8192
|
|
|
5A3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2544117596.0000000005A3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A3E000
|
| Size: |
8192
|
|
|
3373000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003373000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3373000
|
| Size: |
12288
|
|
|
724C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2548492712.000000000724C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
724C000
|
| Size: |
16384
|
|
|
5B7A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561488184.0000000005B7A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B7A000
|
| Size: |
12288
|
|
|
C26000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1420860335.0000000000C26000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C26000
|
| Size: |
4096
|
|
|
30B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532728027.00000000030B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30B0000
|
| Size: |
8192
|
|
|
7680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572366874.0000000007680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7680000
|
| Size: |
4096
|
|
|
88FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476964392.00000000088FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
88FE000
|
| Size: |
8192
|
|
|
162A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2532232700.000000000162A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
162A000
|
| Size: |
12288
|
|
|
1604000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2531966749.0000000001604000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1604000
|
| Size: |
8192
|
|
|
5C24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C24000
|
| Size: |
4096
|
|
|
387E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1413541942.000000000387E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
387E000
|
| Size: |
24576
|
|
|
17CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1421559226.00000000017CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17CF000
|
| Size: |
4096
|
|
|
38AC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000038AC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38AC000
|
| Size: |
4096
|
|
|
C28000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1394119373.0000000000C28000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C28000
|
| Size: |
655360
|
|
|
714B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570854621.000000000714B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
714B000
|
| Size: |
20480
|
|
|
8250000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476345613.0000000008250000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8250000
|
| Size: |
65536
|
|
|
3ADB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003ADB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3ADB000
|
| Size: |
184320
|
|
|
C26000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1417550782.0000000000C26000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C26000
|
| Size: |
663552
|
|
|
8550000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421390123.0000000008550000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8550000
|
| Size: |
32768
|
|
|
FBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1286901576.0000000000FBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FBE000
|
| Size: |
8192
|
|
|
74F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313490746.00000000074F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
74F0000
|
| Size: |
65536
|
|
|
37BC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000037BC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37BC000
|
| Size: |
8192
|
|
|
77C5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312312429.00000000077C5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
77C5000
|
| Size: |
45056
|
|
|
7EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1573534312.0000000007EF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF0000
|
| Size: |
20480
|
|
|
83E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1423927330.00000000083E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83E0000
|
| Size: |
65536
|
|
|
3776000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003776000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3776000
|
| Size: |
8192
|
|
|
887E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476864459.000000000887E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
887E000
|
| Size: |
8192
|
|
|
1750000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542339859.0000000001750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1750000
|
| Size: |
16384
|
|
|
5EB1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1562538750.0000000005EB1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5EB1000
|
| Size: |
61440
|
|
|
8240000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476319196.0000000008240000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8240000
|
| Size: |
65536
|
|
|
4E3B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E3B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E3B000
|
| Size: |
20480
|
|
|
1622000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532171234.0000000001622000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1622000
|
| Size: |
4096
|
|
|
8890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1426453998.0000000008890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8890000
|
| Size: |
36864
|
|
|
430E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1305373896.000000000430E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
430E000
|
| Size: |
24576
|
|
|
3CA7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003CA7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CA7000
|
| Size: |
12288
|
|
|
1650000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311441697.0000000001650000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
4096
|
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324963061.00000000001F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F0000
|
| Size: |
4096
|
|
|
51F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472618810.00000000051F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
51F0000
|
| Size: |
8192
|
|
|
212000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000000.1284406463.0000000000212000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
212000
|
| Size: |
8192
|
|
|
45EC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000045EC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45EC000
|
| Size: |
8192
|
|
|
4527000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004527000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4527000
|
| Size: |
4096
|
|
|
72B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571414989.00000000072B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72B0000
|
| Size: |
45056
|
|
|
7710000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572473728.0000000007710000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7710000
|
| Size: |
36864
|
|
|
3B9F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003B9F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B9F000
|
| Size: |
8192
|
|
|
5B6E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561488184.0000000005B6E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B6E000
|
| Size: |
8192
|
|
|
822D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475875526.000000000822D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
822D000
|
| Size: |
4096
|
|
|
5880000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561096849.0000000005880000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5880000
|
| Size: |
4096
|
|
|
58A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1561172800.00000000058A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
58A0000
|
| Size: |
65536
|
|
|
10BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1284879627.00000000010BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10BD000
|
| Size: |
147456
|
|
|
8221000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475875526.0000000008221000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8221000
|
| Size: |
8192
|
|
|
595A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561219088.000000000595A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
595A000
|
| Size: |
24576
|
|
|
426000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1470813231.0000000000426000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
426000
|
| Size: |
4096
|
|
|
74A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1572333191.00000000074A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
74A0000
|
| Size: |
4096
|
|
|
10E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1295060887.00000000010E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10E7000
|
| Size: |
4096
|
|
|
3D55000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003D55000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D55000
|
| Size: |
8192
|
|
|
3784000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003784000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3784000
|
| Size: |
4096
|
|
|
18A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1421590526.00000000018A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18A0000
|
| Size: |
8192
|
|
|
854000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325831307.0000000000854000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
854000
|
| Size: |
86016
|
|
|
2FAA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1470985588.0000000002FAA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FAA000
|
| Size: |
24576
|
|
|
151000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000006.00000002.1310622458.0000000000151000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
151000
|
| Size: |
581632
|
|
|
FE2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1322993257.0000000000FE2000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
FE2000
|
| Size: |
16384
|
|
|
150000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.1310589040.0000000000150000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
150000
|
| Size: |
4096
|
|
|
4557000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004557000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4557000
|
| Size: |
4096
|
|
|
820C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475875526.000000000820C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
820C000
|
| Size: |
4096
|
|
|
41B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2538653667.00000000041B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
41B2000
|
| Size: |
98304
|
|
|
3279000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003279000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3279000
|
| Size: |
364544
|
|
|
4901000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327083368.0000000004901000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4901000
|
| Size: |
12288
|
|
|
4090000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1309231352.0000000004090000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4090000
|
| Size: |
1187840
|
|
|
5CBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2544476381.0000000005CBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5CBE000
|
| Size: |
8192
|
|
|
879000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1310459020.0000000000879000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
879000
|
| Size: |
126976
|
|
|
488D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000488D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
488D000
|
| Size: |
4096
|
|
|
38C9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1417170808.00000000038C9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
38C9000
|
| Size: |
4096
|
|
|
8B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325986244.00000000008B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8B8000
|
| Size: |
24576
|
|
|
1DF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.1310706039.00000000001DF000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1DF000
|
| Size: |
147456
|
|
|
6C40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2547520284.0000000006C40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C40000
|
| Size: |
20480
|
|
|
363D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471512804.000000000363D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
363D000
|
| Size: |
20480
|
|
|
5814000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1473167084.0000000005814000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5814000
|
| Size: |
24576
|
|
|
3FD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1305186468.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FD0000
|
| Size: |
1187840
|
|
|
5C5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C5A000
|
| Size: |
4096
|
|
|
8200000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475875526.0000000008200000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8200000
|
| Size: |
12288
|
|
|
3AC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003AC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AC0000
|
| Size: |
4096
|
|
|
75E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312918519.00000000075E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
75E0000
|
| Size: |
65536
|
|
|
F01D1FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1393031020.000000F01D1FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F01D1FE000
|
| Size: |
8192
|
|
|
73D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1311421828.00000000073D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
73D0000
|
| Size: |
16384
|
|
|
3FDF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1299511535.0000000003FDF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3FDF000
|
| Size: |
790528
|
|
|
180000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.1324769442.0000000000180000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
180000
|
| Size: |
4096
|
|
|
74F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1314813858.00000000074F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
74F0000
|
| Size: |
65536
|
|
|
59AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1473688965.00000000059AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59AF000
|
| Size: |
4096
|
|
|
4E1C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E1C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E1C000
|
| Size: |
4096
|
|
|
429D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1305373896.000000000429D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
429D000
|
| Size: |
458752
|
|
|
449A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000449A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
449A000
|
| Size: |
8192
|
|
|
3278000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543637411.0000000003278000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3278000
|
| Size: |
4096
|
|
|
3269000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003269000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3269000
|
| Size: |
4096
|
|
|
7CB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1573227263.0000000007CB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7CB0000
|
| Size: |
258048
|
|
|
4232000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2538653667.0000000004232000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4232000
|
| Size: |
77824
|
|
|
334C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543698170.000000000334C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
334C000
|
| Size: |
16384
|
|
|
1778000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1311752341.0000000001778000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1778000
|
| Size: |
4096
|
|
|
178D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542877541.000000000178D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178D000
|
| Size: |
139264
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
1350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2530263238.0000000001350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1350000
|
| Size: |
4096
|
|
|
4BE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327525622.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BE0000
|
| Size: |
65536
|
|
|
5804000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1473075114.0000000005804000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5804000
|
| Size: |
4096
|
|
|
455A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000455A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
455A000
|
| Size: |
8192
|
|
|
7410000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572256123.0000000007410000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7410000
|
| Size: |
4096
|
|
|
30AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532698292.00000000030AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30AE000
|
| Size: |
8192
|
|
|
5830000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1473329655.0000000005830000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5830000
|
| Size: |
4096
|
|
|
393A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000393A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
393A000
|
| Size: |
36864
|
|
|
45C6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000045C6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45C6000
|
| Size: |
8192
|
|
|
5810000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1473145188.0000000005810000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5810000
|
| Size: |
8192
|
|
|
4884000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004884000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4884000
|
| Size: |
4096
|
|
|
BD8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1420860335.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BD8000
|
| Size: |
114688
|
|
|
38F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000038F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38F1000
|
| Size: |
294912
|
|
|
FCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1286901576.0000000000FCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FCE000
|
| Size: |
8192
|
|
|
47D3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000047D3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47D3000
|
| Size: |
12288
|
|
|
6AB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570541215.0000000006AB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AB0000
|
| Size: |
65536
|
|
|
6D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2547937332.0000000006D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D4E000
|
| Size: |
8192
|
|
|
426000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1325175295.0000000000426000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
426000
|
| Size: |
4096
|
|
|
3D62000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003D62000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D62000
|
| Size: |
8192
|
|
|
56A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2543625998.00000000056A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
56A0000
|
| Size: |
278528
|
|
|
6CB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2547863423.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6CB0000
|
| Size: |
65536
|
|
|
4509000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004509000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4509000
|
| Size: |
16384
|
|
|
3620000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1416793587.0000000003620000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3620000
|
| Size: |
36864
|
|
|
75B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313058059.00000000075B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
75B0000
|
| Size: |
65536
|
|
|
4610000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004610000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4610000
|
| Size: |
8192
|
|
|
5C1E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C1E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C1E000
|
| Size: |
4096
|
|
|
8190000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1573672605.0000000008190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8190000
|
| Size: |
4096
|
|
|
CE7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1394069047.0000000000CE7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CE7000
|
| Size: |
86016
|
|
|
3486000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1407536807.0000000003486000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3486000
|
| Size: |
790528
|
|
|
3AA8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003AA8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AA8000
|
| Size: |
8192
|
|
|
37B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000037B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37B0000
|
| Size: |
8192
|
|
|
4A30000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1327255366.0000000004A30000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4A30000
|
| Size: |
4096
|
|
|
175A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311722846.000000000175A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
175A000
|
| Size: |
90112
|
|
|
10E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1274759055.00000000010E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10E8000
|
| Size: |
540672
|
|
|
67E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569796048.00000000067E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67E9000
|
| Size: |
4096
|
|
|
5412000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472843055.0000000005412000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5412000
|
| Size: |
4096
|
|
|
8BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326066694.00000000008BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8BF000
|
| Size: |
61440
|
|
|
776C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572857260.000000000776C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
776C000
|
| Size: |
36864
|
|
|
3612000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471455332.0000000003612000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3612000
|
| Size: |
94208
|
|
|
681B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570087653.000000000681B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
681B000
|
| Size: |
8192
|
|
|
3160000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543577147.0000000003160000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3160000
|
| Size: |
4096
|
|
|
9C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1286569250.00000000009C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9C0000
|
| Size: |
4096
|
|
|
3B9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1312085919.0000000003B9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B9F000
|
| Size: |
4096
|
|
|
4410000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004410000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4410000
|
| Size: |
4096
|
|
|
45F9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000045F9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45F9000
|
| Size: |
4096
|
|
|
94A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1286452791.000000000094A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
94A000
|
| Size: |
24576
|
|
|
7740000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312666689.0000000007740000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7740000
|
| Size: |
65536
|
|
|
3C01000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1281915305.0000000003C01000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3C01000
|
| Size: |
860160
|
|
|
DD0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1319003082.0000000000DD0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
DD0000
|
| Size: |
4096
|
|
|
57D6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1560508822.00000000057D6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57D6000
|
| Size: |
16384
|
|
|
3B5D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003B5D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B5D000
|
| Size: |
28672
|
|
|
3809000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1414069415.0000000003809000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3809000
|
| Size: |
4096
|
|
|
36F9000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471957579.00000000036F9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36F9000
|
| Size: |
8192
|
|
|
7500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1314721063.0000000007500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7500000
|
| Size: |
65536
|
|
|
217000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1284499460.0000000000217000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
217000
|
| Size: |
860160
|
|
|
55E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2541734942.00000000055E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55E0000
|
| Size: |
20480
|
|
|
429D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1306083165.000000000429D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
429D000
|
| Size: |
458752
|
|
|
4452000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004452000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4452000
|
| Size: |
8192
|
|
|
18E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543007248.00000000018E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18E0000
|
| Size: |
8192
|
|
|
5B90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1562245956.0000000005B90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B90000
|
| Size: |
8192
|
|
|
55F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2541734942.00000000055F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55F2000
|
| Size: |
28672
|
|
|
3B72000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003B72000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B72000
|
| Size: |
8192
|
|
|
57CE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1560508822.00000000057CE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57CE000
|
| Size: |
4096
|
|
|
150000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000E.00000002.1418012109.0000000000150000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
150000
|
| Size: |
4096
|
|
|
4E01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E01000
|
| Size: |
98304
|
|
|
4784000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004784000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4784000
|
| Size: |
192512
|
|
|
863E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476786261.000000000863E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
863E000
|
| Size: |
8192
|
|
|
7560000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1314417737.0000000007560000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7560000
|
| Size: |
65536
|
|
|
16B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1286872535.00000000016B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16B8000
|
| Size: |
593920
|
|
|
3AC4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003AC4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AC4000
|
| Size: |
8192
|
|
|
BD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1420860335.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BD0000
|
| Size: |
24576
|
|
|
3B94000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003B94000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B94000
|
| Size: |
8192
|
|
|
8320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1425084700.0000000008320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8320000
|
| Size: |
65536
|
|
|
3575000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003575000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3575000
|
| Size: |
32768
|
|
|
441E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000441E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
441E000
|
| Size: |
8192
|
|
|
85A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421029718.00000000085A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
85A0000
|
| Size: |
65536
|
|
|
52E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1286175798.000000000052E000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
52E000
|
| Size: |
36864
|
|
|
6ADE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570717575.0000000006ADE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6ADE000
|
| Size: |
8192
|
|
|
6540000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1563754398.0000000006540000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6540000
|
| Size: |
65536
|
|
|
5C28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C28000
|
| Size: |
4096
|
|
|
151000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000006.00000000.1284148291.0000000000151000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
151000
|
| Size: |
581632
|
|
|
4853000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004853000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4853000
|
| Size: |
4096
|
|
|
814E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475584428.000000000814E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
814E000
|
| Size: |
8192
|
|
|
44A8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000044A8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44A8000
|
| Size: |
8192
|
|
|
3179000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003179000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3179000
|
| Size: |
4096
|
|
|
461F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326959384.000000000461F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
461F000
|
| Size: |
4096
|
|
|
730A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571485108.000000000730A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
730A000
|
| Size: |
8192
|
|
|
FB0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1322914016.0000000000FB0000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
FB0000
|
| Size: |
4096
|
|
|
17AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1310268205.00000000017AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17AD000
|
| Size: |
8192
|
|
|
147E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542232303.000000000147E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147E000
|
| Size: |
4096
|
|
|
7570000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313236578.0000000007570000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7570000
|
| Size: |
65536
|
|
|
30F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543476079.00000000030F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30F0000
|
| Size: |
4096
|
|
|
797E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329834378.000000000797E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
797E000
|
| Size: |
8192
|
|
|
364C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000364C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
364C000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
44F9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000044F9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44F9000
|
| Size: |
8192
|
|
|
3D3B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003D3B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D3B000
|
| Size: |
8192
|
|
|
6E08000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329056652.0000000006E08000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E08000
|
| Size: |
4096
|
|
|
6C01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475271585.0000000006C01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C01000
|
| Size: |
8192
|
|
|
5C9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1562337034.0000000005C9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C9E000
|
| Size: |
8192
|
|
|
CFC000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1394032795.0000000000CFC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CFC000
|
| Size: |
57344
|
|
|
43E9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000043E9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43E9000
|
| Size: |
12288
|
|
|
877000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1310566469.0000000000877000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
877000
|
| Size: |
8192
|
|
|
9CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1419818749.00000000009CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9CE000
|
| Size: |
8192
|
|
|
8330000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1423053020.0000000008330000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8330000
|
| Size: |
65536
|
|
|
3591000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003591000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3591000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
30CA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1543335574.00000000030CA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
30CA000
|
| Size: |
20480
|
|
|
5C26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C26000
|
| Size: |
4096
|
|
|
4299000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1306083165.0000000004299000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4299000
|
| Size: |
4096
|
|
|
6400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2544983709.0000000006400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6400000
|
| Size: |
65536
|
|
|
83A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1424200913.00000000083A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83A0000
|
| Size: |
65536
|
|
|
5CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325315391.00000000005CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5CE000
|
| Size: |
8192
|
|
|
83C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325603305.000000000083C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
83C000
|
| Size: |
4096
|
|
|
159B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2531594252.000000000159B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
159B000
|
| Size: |
20480
|
|
|
8F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326381002.00000000008F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F6000
|
| Size: |
8192
|
|
|
44ED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000044ED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44ED000
|
| Size: |
8192
|
|
|
8510000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421625826.0000000008510000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8510000
|
| Size: |
65536
|
|
|
1090000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1295060887.0000000001090000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1090000
|
| Size: |
24576
|
|
|
4E24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E24000
|
| Size: |
4096
|
|
|
5701000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472999420.0000000005701000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5701000
|
| Size: |
12288
|
|
|
3944000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003944000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3944000
|
| Size: |
212992
|
|
|
4E54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E54000
|
| Size: |
4096
|
|
|
5C0B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C0B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C0B000
|
| Size: |
4096
|
|
|
36E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1426551829.00000000036E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36E4000
|
| Size: |
12288
|
|
|
5C56000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C56000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C56000
|
| Size: |
4096
|
|
|
195E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1296400241.000000000195E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
195E000
|
| Size: |
8192
|
|
|
3058000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1393665703.0000000003058000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3058000
|
| Size: |
790528
|
|
|
1D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1296442975.0000000001D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1D5E000
|
| Size: |
8192
|
|
|
38CD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1417170808.00000000038CD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
38CD000
|
| Size: |
458752
|
|
|
3D69000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003D69000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D69000
|
| Size: |
8192
|
|
|
645E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545143612.000000000645E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
645E000
|
| Size: |
8192
|
|
|
20E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1310795928.000000000020E000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
20E000
|
| Size: |
36864
|
|
|
81D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2553837290.00000000081D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
81D7000
|
| Size: |
8192
|
|
|
3C50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003C50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C50000
|
| Size: |
4096
|
|
|
81A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1573729707.00000000081A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
81A5000
|
| Size: |
20480
|
|
|
4359000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1309505406.0000000004359000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4359000
|
| Size: |
4096
|
|
|
16BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542339859.00000000016BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16BE000
|
| Size: |
151552
|
|
|
4808000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004808000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4808000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
38C9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1415157835.00000000038C9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
38C9000
|
| Size: |
4096
|
|
|
43CE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1308880734.00000000043CE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
43CE000
|
| Size: |
24576
|
|
|
4E5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E5E000
|
| Size: |
4096
|
|
|
11B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1269052656.00000000011B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11B0000
|
| Size: |
90112
|
|
|
150000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000E.00000000.1392220330.0000000000150000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
150000
|
| Size: |
4096
|
|
|
6907000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545868207.0000000006907000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6907000
|
| Size: |
585728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
8610000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1420577344.0000000008610000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8610000
|
| Size: |
65536
|
|
|
8CF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326092441.00000000008CF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8CF000
|
| Size: |
36864
|
|
|
332E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.000000000332E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
332E000
|
| Size: |
278528
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
151000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000E.00000000.1392252162.0000000000151000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
151000
|
| Size: |
581632
|
|
|
75CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2549043292.00000000075CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
75CE000
|
| Size: |
8192
|
|
|
154C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2531511242.000000000154C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
154C000
|
| Size: |
16384
|
|
|
695C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570434489.000000000695C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
695C000
|
| Size: |
16384
|
|
|
83EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476606538.00000000083EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
83EE000
|
| Size: |
8192
|
|
|
6778000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569095480.0000000006778000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6778000
|
| Size: |
4096
|
|
|
8260000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1419796503.0000000008260000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8260000
|
| Size: |
40960
|
|
|
C27000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1405010671.0000000000C27000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C27000
|
| Size: |
659456
|
|
|
4615000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004615000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4615000
|
| Size: |
729088
|
|
|
393E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1417170808.000000000393E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
393E000
|
| Size: |
24576
|
|
|
873F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476812538.000000000873F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
873F000
|
| Size: |
4096
|
|
|
3888000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003888000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3888000
|
| Size: |
8192
|
|
|
6AAC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570510527.0000000006AAC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6AAC000
|
| Size: |
16384
|
|
|
55FE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2541734942.00000000055FE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55FE000
|
| Size: |
4096
|
|
|
83F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421741672.00000000083F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83F0000
|
| Size: |
65536
|
|
|
16E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1286158281.00000000016E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16E4000
|
| Size: |
4096
|
|
|
4587000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004587000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4587000
|
| Size: |
4096
|
|
|
3140000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1543521183.0000000003140000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3140000
|
| Size: |
65536
|
|
|
16F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542339859.00000000016F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16F1000
|
| Size: |
364544
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
8590000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421129128.0000000008590000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8590000
|
| Size: |
65536
|
|
|
5B40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561488184.0000000005B40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B40000
|
| Size: |
36864
|
|
|
34E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000034E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34E1000
|
| Size: |
12288
|
|
|
380D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1413541942.000000000380D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
380D000
|
| Size: |
458752
|
|
|
9DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1419818749.00000000009DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9DB000
|
| Size: |
20480
|
|
|
36ED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000036ED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36ED000
|
| Size: |
4096
|
|
|
5C22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C22000
|
| Size: |
4096
|
|
|
39E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000039E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39E4000
|
| Size: |
16384
|
|
|
163B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2532386096.000000000163B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
163B000
|
| Size: |
4096
|
|
|
47E3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000047E3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47E3000
|
| Size: |
12288
|
|
|
5690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2543196155.0000000005690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5690000
|
| Size: |
4096
|
|
|
7730000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312727245.0000000007730000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7730000
|
| Size: |
65536
|
|
|
8F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326287438.00000000008F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F0000
|
| Size: |
4096
|
|
|
5C5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C5E000
|
| Size: |
4096
|
|
|
30DB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1543449008.00000000030DB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
30DB000
|
| Size: |
8192
|
|
|
529D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2541454599.000000000529D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
529D000
|
| Size: |
12288
|
|
|
83C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1424041689.00000000083C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83C0000
|
| Size: |
131072
|
|
|
5892000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561121313.0000000005892000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5892000
|
| Size: |
12288
|
|
|
41B3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1308694272.00000000041B3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41B3000
|
| Size: |
507904
|
|
|
150000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1283990322.0000000000150000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
150000
|
| Size: |
4096
|
|
|
1DF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000E.00000002.1418238481.00000000001DF000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1DF000
|
| Size: |
147456
|
|
|
1319000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2530263238.0000000001319000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1319000
|
| Size: |
12288
|
|
|
5693000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2543196155.0000000005693000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5693000
|
| Size: |
8192
|
|
|
7CA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1573130979.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7CA0000
|
| Size: |
65536
|
|
|
3BC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003BC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BC6000
|
| Size: |
188416
|
|
|
43F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326766591.00000000043F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43F2000
|
| Size: |
4096
|
|
|
68F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2545868207.00000000068F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68F4000
|
| Size: |
16384
|
|
|
37B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000037B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37B7000
|
| Size: |
8192
|
|
|
739D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571953959.000000000739D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
739D000
|
| Size: |
12288
|
|
|
5B51000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561488184.0000000005B51000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B51000
|
| Size: |
16384
|
|
|
77E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312245141.00000000077E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
77E0000
|
| Size: |
65536
|
|
|
3E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1419609834.00000000003E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3E0000
|
| Size: |
4096
|
|
|
51C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1472599549.00000000051C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51C0000
|
| Size: |
4096
|
|
|
81F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1475672541.00000000081F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81F0000
|
| Size: |
65536
|
|
|
886000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1310789113.0000000000886000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
886000
|
| Size: |
16384
|
|
|
4A0B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1327208435.0000000004A0B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A0B000
|
| Size: |
4096
|
|
|
8FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2554115141.0000000008FD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8FD0000
|
| Size: |
1085440
|
|
|
3654000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471658869.0000000003654000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3654000
|
| Size: |
98304
|
|
|
3150000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543550487.0000000003150000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3150000
|
| Size: |
12288
|
|
|
67F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569969808.00000000067F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67F5000
|
| Size: |
12288
|
|
|
4483000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004483000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4483000
|
| Size: |
8192
|
|
|
3D81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003D81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D81000
|
| Size: |
4096
|
|
|
532000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000001.00000000.1267763245.0000000000532000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
532000
|
| Size: |
8192
|
|
|
4E56000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327670942.0000000004E56000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E56000
|
| Size: |
4096
|
|
|
81A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1573701630.00000000081A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
81A1000
|
| Size: |
4096
|
|
|
12F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2530044360.00000000012F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12F5000
|
| Size: |
16384
|
|
|
387B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.000000000387B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
387B000
|
| Size: |
8192
|
|
|
5612000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2541734942.0000000005612000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5612000
|
| Size: |
49152
|
|
|
5C58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C58000
|
| Size: |
4096
|
|
|
B80000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1420788895.0000000000B80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B80000
|
| Size: |
4096
|
|
|
73E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572012621.00000000073E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
73E0000
|
| Size: |
12288
|
|
|
36BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1471813131.00000000036BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36BE000
|
| Size: |
65536
|
|
|
5800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1560858334.0000000005800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5800000
|
| Size: |
53248
|
|
|
3809000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1413541942.0000000003809000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3809000
|
| Size: |
4096
|
|
|
7260000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2548674854.0000000007260000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7260000
|
| Size: |
57344
|
|
|
3101000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003101000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3101000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
488F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000488F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
488F000
|
| Size: |
8192
|
|
|
174B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542339859.000000000174B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
174B000
|
| Size: |
12288
|
|
|
393E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1415157835.000000000393E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
393E000
|
| Size: |
24576
|
|
|
5D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325361021.00000000005D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D0000
|
| Size: |
4096
|
|
|
1660000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311474280.0000000001660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
24576
|
|
|
313E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543499176.000000000313E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
313E000
|
| Size: |
8192
|
|
|
7590000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1314185272.0000000007590000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7590000
|
| Size: |
131072
|
|
|
5EA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1562459935.0000000005EA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5EA0000
|
| Size: |
65536
|
|
|
5850000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1473534012.0000000005850000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5850000
|
| Size: |
4096
|
|
|
6570000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1564025606.0000000006570000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6570000
|
| Size: |
65536
|
|
|
888000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1310884015.0000000000888000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
888000
|
| Size: |
8192
|
|
|
3562000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003562000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3562000
|
| Size: |
69632
|
|
|
83E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1421785476.00000000083E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83E0000
|
| Size: |
65536
|
|
|
80CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2553772966.00000000080CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
80CE000
|
| Size: |
8192
|
|
|
36D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1296552650.00000000036D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36D0000
|
| Size: |
4096
|
|
|
7766000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572827647.0000000007766000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7766000
|
| Size: |
20480
|
|
|
3377000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2533012290.0000000003377000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3377000
|
| Size: |
3092480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4B8000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1470813231.00000000004B8000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
4B8000
|
| Size: |
4096
|
|
|
14BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1542254059.00000000014BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14BE000
|
| Size: |
8192
|
|
|
131E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2530263238.000000000131E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
131E000
|
| Size: |
159744
|
|
|
7250000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570998847.0000000007250000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7250000
|
| Size: |
65536
|
|
|
1771000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1287075493.0000000001771000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1771000
|
| Size: |
200704
|
|
|
6C47000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2547520284.0000000006C47000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C47000
|
| Size: |
32768
|
|
|
9B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1286488597.00000000009B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9B5000
|
| Size: |
12288
|
|
|
580D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1473105260.000000000580D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
580D000
|
| Size: |
4096
|
|
|
2F8C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532578824.0000000002F8C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F8C000
|
| Size: |
16384
|
|
|
2FA0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2532673205.0000000002FA0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2FA0000
|
| Size: |
4096
|
|
|
3674000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1418144470.0000000003674000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3674000
|
| Size: |
86016
|
|
|
915F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1476991462.000000000915F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
915F000
|
| Size: |
4096
|
|
|
75A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1313084372.00000000075A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
75A0000
|
| Size: |
65536
|
|
|
FA9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2529911530.0000000000FA9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FA9000
|
| Size: |
28672
|
|
|
5826000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1473266710.0000000005826000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5826000
|
| Size: |
8192
|
|
|
59FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1561408456.00000000059FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59FE000
|
| Size: |
8192
|
|
|
3663000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1423322679.0000000003663000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3663000
|
| Size: |
36864
|
|
|
86A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325831307.000000000086A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
86A000
|
| Size: |
4096
|
|
|
437F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.000000000437F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
437F000
|
| Size: |
20480
|
|
|
9EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1419818749.00000000009EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9EF000
|
| Size: |
4096
|
|
|
4530000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004530000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4530000
|
| Size: |
4096
|
|
|
7300000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1571485108.0000000007300000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7300000
|
| Size: |
4096
|
|
|
58AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1473624030.00000000058AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
58AE000
|
| Size: |
8192
|
|
|
3652000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003652000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3652000
|
| Size: |
139264
|
|
|
5A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1473987567.0000000005A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A01000
|
| Size: |
28672
|
|
|
6750000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1568532950.0000000006750000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6750000
|
| Size: |
16384
|
|
|
6852000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570312551.0000000006852000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6852000
|
| Size: |
12288
|
|
|
673C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1568235750.000000000673C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
673C000
|
| Size: |
16384
|
|
|
76CF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572440971.00000000076CF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76CF000
|
| Size: |
28672
|
|
|
37CC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.00000000037CC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37CC000
|
| Size: |
16384
|
|
|
5C69000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1474177410.0000000005C69000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C69000
|
| Size: |
266240
|
|
|
582A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1473306267.000000000582A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
582A000
|
| Size: |
4096
|
|
|
13CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1421518357.00000000013CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13CF000
|
| Size: |
4096
|
|
|
800000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325470938.0000000000800000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
800000
|
| Size: |
69632
|
|
|
36B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1426233213.00000000036B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36B4000
|
| Size: |
16384
|
|
|
3595000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1268683686.0000000003595000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3595000
|
| Size: |
790528
|
|
|
7520000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1314614433.0000000007520000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7520000
|
| Size: |
65536
|
|
|
4608000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004608000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4608000
|
| Size: |
4096
|
|
|
15B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311353533.00000000015B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B0000
|
| Size: |
20480
|
|
|
3DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1419327408.00000000003DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DE000
|
| Size: |
8192
|
|
|
3807000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003807000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3807000
|
| Size: |
290816
|
|
|
3B40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1281915305.0000000003B40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B40000
|
| Size: |
729088
|
|
|
1637000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2532359913.0000000001637000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1637000
|
| Size: |
4096
|
|
|
44A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000044A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44A0000
|
| Size: |
4096
|
|
|
138E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2530263238.000000000138E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
138E000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
43F3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000043F3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43F3000
|
| Size: |
8192
|
|
|
30D4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2532824024.00000000030D4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30D4000
|
| Size: |
49152
|
|
|
8630000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1420447140.0000000008630000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8630000
|
| Size: |
28672
|
|
|
3685000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1418225882.0000000003685000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3685000
|
| Size: |
16384
|
|
|
47F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.00000000047F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47F4000
|
| Size: |
4096
|
|
|
1699000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1311580465.0000000001699000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1699000
|
| Size: |
4096
|
|
|
4391000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004391000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4391000
|
| Size: |
8192
|
|
|
4050000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000004050000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4050000
|
| Size: |
36864
|
|
|
6F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329082709.0000000006F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F9E000
|
| Size: |
8192
|
|
|
4520000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1553659306.0000000004520000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4520000
|
| Size: |
8192
|
|
|
67B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1569519515.00000000067B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67B0000
|
| Size: |
8192
|
|
|
72B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2548873233.00000000072B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
72B0000
|
| Size: |
57344
|
|
|
55FA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2541734942.00000000055FA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55FA000
|
| Size: |
4096
|
|
|
680E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1570025627.000000000680E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
680E000
|
| Size: |
28672
|
|
|
3BBB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003BBB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BBB000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
36CB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1426174192.00000000036CB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36CB000
|
| Size: |
12288
|
|
|
7B0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1572962562.0000000007B0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7B0F000
|
| Size: |
4096
|
|
|
7790000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312388232.0000000007790000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7790000
|
| Size: |
196608
|
|
|
30A3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1543072913.00000000030A3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
30A3000
|
| Size: |
4096
|
|
|
3B65000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1543788659.0000000003B65000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B65000
|
| Size: |
8192
|
|
