E22000
|
unknown
|
page readonly
|
malicious |
|
|
Name: |
00000000.00000000.1733229520.0000000000E22000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
E22000
|
Size: |
69632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
61E1000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000000.00000002.1862015301.00000000061E1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
61E1000
|
Size: |
401408
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
1185000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996174218.0000000001185000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1185000
|
Size: |
16384
|
|
11BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996293126.00000000011BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11BD000
|
Size: |
12288
|
|
38A0000
|
trusted library allocation
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2996915916.00000000038A0000.00000002.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page readonly
|
Base address: |
38A0000
|
Size: |
4096
|
|
1896000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860721321.0000000001896000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1896000
|
Size: |
36864
|
|
1310000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860154027.0000000001310000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1310000
|
Size: |
4096
|
|
1246000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996552834.0000000001246000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1246000
|
Size: |
65536
|
|
3AC7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2997084431.0000000003AC7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3AC7000
|
Size: |
20480
|
|
15A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1860525625.00000000015A0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
15A0000
|
Size: |
24576
|
|
34DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996787138.00000000034DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
34DE000
|
Size: |
8192
|
|
3AB5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2997084431.0000000003AB5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3AB5000
|
Size: |
16384
|
|
1487000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1860421316.0000000001487000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
1487000
|
Size: |
4096
|
|
1490000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860442999.0000000001490000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1490000
|
Size: |
16384
|
|
31F4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860788335.00000000031F4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
31F4000
|
Size: |
4096
|
|
10FB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996127025.00000000010FB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
10FB000
|
Size: |
20480
|
|
314F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860761165.000000000314F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
314F000
|
Size: |
4096
|
|
1477000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860371135.0000000001477000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1477000
|
Size: |
24576
|
|
11C3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996293126.00000000011C3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11C3000
|
Size: |
4096
|
|
3A4A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2997053357.0000000003A4A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A4A000
|
Size: |
45056
|
|
15B0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1860617666.00000000015B0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
15B0000
|
Size: |
4096
|
|
4249000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1861753980.0000000004249000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4249000
|
Size: |
331776
|
|
1150000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996160640.0000000001150000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1150000
|
Size: |
8192
|
|
325D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996719068.000000000325D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
325D000
|
Size: |
12288
|
|
E38000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1733348415.0000000000E38000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
E38000
|
Size: |
331776
|
|
533D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1861896279.000000000533D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
533D000
|
Size: |
12288
|
|
1348000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860165669.0000000001348000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1348000
|
Size: |
12288
|
|
335C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996738117.000000000335C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
335C000
|
Size: |
16384
|
|
132E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860165669.000000000132E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
132E000
|
Size: |
102400
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
38FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996960693.00000000038FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
38FE000
|
Size: |
8192
|
|
318E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860774872.000000000318E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
318E000
|
Size: |
8192
|
|
2ED0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996700252.0000000002ED0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2ED0000
|
Size: |
16384
|
|
3204000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860788335.0000000003204000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3204000
|
Size: |
8192
|
|
3216000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860788335.0000000003216000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3216000
|
Size: |
4096
|
|
3230000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860857007.0000000003230000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3230000
|
Size: |
4096
|
|
123F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996520135.000000000123F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
123F000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
F90000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860116191.0000000000F90000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F90000
|
Size: |
4096
|
|
3890000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996900593.0000000003890000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3890000
|
Size: |
4096
|
|
3225000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860788335.0000000003225000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3225000
|
Size: |
36864
|
|
1100000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996146231.0000000001100000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1100000
|
Size: |
4096
|
|
12F8000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860141520.00000000012F8000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
12F8000
|
Size: |
32768
|
|
388E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996879677.000000000388E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
388E000
|
Size: |
8192
|
|
3241000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860869718.0000000003241000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3241000
|
Size: |
16384
|
|
1328000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860165669.0000000001328000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1328000
|
Size: |
16384
|
|
18A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860748091.00000000018A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18A0000
|
Size: |
12288
|
|
170E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860656165.000000000170E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
170E000
|
Size: |
8192
|
|
1870000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860703940.0000000001870000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1870000
|
Size: |
65536
|
|
363E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996823762.000000000363E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
363E000
|
Size: |
8192
|
|
1570000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860465283.0000000001570000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1570000
|
Size: |
4096
|
|
148A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1860431572.000000000148A000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
148A000
|
Size: |
4096
|
|
4241000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1861753980.0000000004241000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4241000
|
Size: |
20480
|
|
E34000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1733313056.0000000000E34000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
E34000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
1320000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860165669.0000000001320000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1320000
|
Size: |
24576
|
|
F1C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860085141.0000000000F1C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
F1C000
|
Size: |
16384
|
|
11E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996384702.00000000011E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11E7000
|
Size: |
28672
|
|
15FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860630600.00000000015FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
15FE000
|
Size: |
8192
|
|
458000
|
remote allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2995997100.0000000000458000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
458000
|
Size: |
16384
|
|
F80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860101973.0000000000F80000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F80000
|
Size: |
4096
|
|
1600000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860643963.0000000001600000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1600000
|
Size: |
8192
|
|
3A6F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2997084431.0000000003A6F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A6F000
|
Size: |
126976
|
|
3C36000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2997409275.0000000003C36000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C36000
|
Size: |
552960
|
|
35DF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996807892.00000000035DF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
35DF000
|
Size: |
4096
|
|
123C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996520135.000000000123C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
123C000
|
Size: |
8192
|
|
1495000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860442999.0000000001495000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1495000
|
Size: |
12288
|
|
FDE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860128577.0000000000FDE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
FDE000
|
Size: |
8192
|
|
11C6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996293126.00000000011C6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11C6000
|
Size: |
86016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3A33000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2997006562.0000000003A33000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A33000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
57F0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1861952530.00000000057F0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
57F0000
|
Size: |
4096
|
|
349F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996771000.000000000349F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
349F000
|
Size: |
4096
|
|
1198000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996213823.0000000001198000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1198000
|
Size: |
69632
|
|
3246000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860898882.0000000003246000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3246000
|
Size: |
5251072
|
|
39FF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996978687.00000000039FF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
39FF000
|
Size: |
4096
|
|
2D9D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996664190.0000000002D9D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D9D000
|
Size: |
12288
|
|
3A8F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2997084431.0000000003A8F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A8F000
|
Size: |
126976
|
|
13A8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860165669.00000000013A8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
13A8000
|
Size: |
8192
|
|
1190000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996213823.0000000001190000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1190000
|
Size: |
28672
|
|
11F8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996384702.00000000011F8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11F8000
|
Size: |
40960
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
3E7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2997644052.0000000003E7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3E7E000
|
Size: |
8192
|
|
339E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996755426.000000000339E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
339E000
|
Size: |
8192
|
|
3A40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2997037607.0000000003A40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A40000
|
Size: |
8192
|
|
1850000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860692576.0000000001850000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1850000
|
Size: |
4096
|
|
157B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1860500300.000000000157B000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
157B000
|
Size: |
4096
|
|
1203000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996442853.0000000001203000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1203000
|
Size: |
225280
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
2D40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996646517.0000000002D40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D40000
|
Size: |
4096
|
|
38A2000
|
trusted library allocation
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2996944417.00000000038A2000.00000002.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page readonly
|
Base address: |
38A2000
|
Size: |
4096
|
|
3ABC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2997084431.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3ABC000
|
Size: |
20480
|
|
1366000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860165669.0000000001366000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1366000
|
Size: |
4096
|
|
378D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996859481.000000000378D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
378D000
|
Size: |
12288
|
|
1257000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996581307.0000000001257000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1257000
|
Size: |
65536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
1460000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860338984.0000000001460000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1460000
|
Size: |
4096
|
|
3B30000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2997331743.0000000003B30000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3B30000
|
Size: |
253952
|
|
134D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860165669.000000000134D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
134D000
|
Size: |
32768
|
|
38A1000
|
trusted library allocation
|
page execute read
|
|
|
|
Name: |
00000001.00000002.2996930166.00000000038A1000.00000020.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute read
|
Base address: |
38A1000
|
Size: |
4096
|
|
D9B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996107902.0000000000D9B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
D9B000
|
Size: |
20480
|
|
1474000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860371135.0000000001474000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1474000
|
Size: |
8192
|
|
3AD1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2997316761.0000000003AD1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3AD1000
|
Size: |
12288
|
|
1480000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860410664.0000000001480000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1480000
|
Size: |
4096
|
|
1271000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996614977.0000000001271000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1271000
|
Size: |
24576
|
|
1464000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860360374.0000000001464000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1464000
|
Size: |
4096
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2995997100.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
400000
|
Size: |
323584
|
|
3A30000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996992841.0000000003A30000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A30000
|
Size: |
4096
|
|
1369000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860165669.0000000001369000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1369000
|
Size: |
253952
|
|
5680000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1861915272.0000000005680000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5680000
|
Size: |
40960
|
|
E20000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1733149652.0000000000E20000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
E20000
|
Size: |
4096
|
|
1180000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996174218.0000000001180000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1180000
|
Size: |
16384
|
|
5813000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1861967210.0000000005813000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5813000
|
Size: |
12288
|
|
3A37000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2997020253.0000000003A37000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A37000
|
Size: |
20480
|
|
11EF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996384702.00000000011EF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11EF000
|
Size: |
8192
|
|
11AC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996213823.00000000011AC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11AC000
|
Size: |
61440
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
1577000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1860484683.0000000001577000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
1577000
|
Size: |
4096
|
|
1890000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860721321.0000000001890000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1890000
|
Size: |
20480
|
|
1470000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860371135.0000000001470000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1470000
|
Size: |
12288
|
|
11DF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996364258.00000000011DF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11DF000
|
Size: |
24576
|
|
2E9E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996683904.0000000002E9E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2E9E000
|
Size: |
8192
|
|
3245000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1860885486.0000000003245000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
3245000
|
Size: |
4096
|
|
1463000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1860350032.0000000001463000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
1463000
|
Size: |
4096
|
|
1590000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860511697.0000000001590000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1590000
|
Size: |
4096
|
|
180E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860669439.000000000180E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
180E000
|
Size: |
8192
|
|
3D7C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2997605208.0000000003D7C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3D7C000
|
Size: |
16384
|
|
578E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1861936681.000000000578E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
578E000
|
Size: |
8192
|
|
184E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860681073.000000000184E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
184E000
|
Size: |
8192
|
|
3219000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860788335.0000000003219000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3219000
|
Size: |
4096
|
|
1356000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860165669.0000000001356000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1356000
|
Size: |
16384
|
|
126E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996614977.000000000126E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
126E000
|
Size: |
8192
|
|
373F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2996844174.000000000373F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
373F000
|
Size: |
4096
|
|
1363000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860165669.0000000001363000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1363000
|
Size: |
8192
|
|
145E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1860326116.000000000145E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
145E000
|
Size: |
8192
|
|