FB1000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2091797382.0000000000FB1000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
FB1000
|
Size: |
225280
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
8BE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091194636.00000000008BE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8BE000
|
Size: |
249856
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
4C20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1809616289.0000000004C20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4C20000
|
Size: |
225280
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
55C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994331098.00000000055C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C4000
|
Size: |
16384
|
|
F90000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1808585051.0000000000F90000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F90000
|
Size: |
53248
|
|
4782000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093885544.0000000004782000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4782000
|
Size: |
8192
|
|
55C9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2058259199.00000000055C9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C9000
|
Size: |
4096
|
|
B670000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2097582422.000000000B670000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B670000
|
Size: |
131072
|
|
4F1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094187238.0000000004F1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4F1E000
|
Size: |
8192
|
|
F90000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1807477730.0000000000F90000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F90000
|
Size: |
53248
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834188292.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
425F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093676701.000000000425F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
425F000
|
Size: |
4096
|
|
55BB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2046816509.00000000055BB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BB000
|
Size: |
36864
|
|
55BB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2047012290.00000000055BB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BB000
|
Size: |
36864
|
|
55DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994019660.00000000055DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55DC000
|
Size: |
4096
|
|
55C5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094500755.00000000055C5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C5000
|
Size: |
12288
|
|
4C5B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094038608.0000000004C5B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4C5B000
|
Size: |
20480
|
|
1117000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2091797382.0000000001117000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
1117000
|
Size: |
675840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
55B7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1981700601.00000000055B7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55B7000
|
Size: |
4096
|
|
55CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994173310.00000000055CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55CE000
|
Size: |
28672
|
|
55B9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1985486782.00000000055B9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55B9000
|
Size: |
28672
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1806538199.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
229376
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1832813760.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
559B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094407948.000000000559B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
559B000
|
Size: |
24576
|
|
55BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982735898.00000000055BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BD000
|
Size: |
8192
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833220577.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834732350.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833786201.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1832870432.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
55AF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2046714453.00000000055AF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55AF000
|
Size: |
24576
|
|
55B3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982570322.00000000055B3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55B3000
|
Size: |
32768
|
|
55DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1993688081.00000000055DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55DC000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834026559.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
B6F2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2097582422.000000000B6F2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B6F2000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
993000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091194636.0000000000993000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
993000
|
Size: |
69632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
11FA000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.1800363976.00000000011FA000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
11FA000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1831637273.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
B6FA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2097582422.000000000B6FA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B6FA000
|
Size: |
4096
|
|
740000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091116867.0000000000740000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
740000
|
Size: |
16384
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1811508861.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
61ED3000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2101265639.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61ED3000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
55BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1993585353.00000000055BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BD000
|
Size: |
8192
|
|
55C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2058555825.00000000055C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C4000
|
Size: |
16384
|
|
55C1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982908142.00000000055C1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C1000
|
Size: |
28672
|
|
97E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982026570.000000000097E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
97E000
|
Size: |
4096
|
|
88E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091176472.000000000088E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
88E000
|
Size: |
8192
|
|
FAB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091696781.0000000000FAB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FAB000
|
Size: |
4096
|
|
55BB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2058345558.00000000055BB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BB000
|
Size: |
53248
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833069254.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
1492000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2092066472.0000000001492000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
1492000
|
Size: |
36864
|
|
FB0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091778786.0000000000FB0000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
FB0000
|
Size: |
4096
|
|
6C6D0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2101863673.000000006C6D0000.00000004.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6C6D0000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833157493.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
6C6CF000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000002.2101840400.000000006C6CF000.00000008.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
6C6CF000
|
Size: |
4096
|
|
55DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1993601947.00000000055DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55DC000
|
Size: |
4096
|
|
349F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092863831.000000000349F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
349F000
|
Size: |
4096
|
|
4DAE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094084071.0000000004DAE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4DAE000
|
Size: |
8192
|
|
3EDE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093567579.0000000003EDE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3EDE000
|
Size: |
8192
|
|
F90000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1807893236.0000000000F90000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F90000
|
Size: |
53248
|
|
55BB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982857433.00000000055BB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BB000
|
Size: |
20480
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1832135306.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
55C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1985889144.00000000055C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C4000
|
Size: |
16384
|
|
34DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092882401.00000000034DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
34DE000
|
Size: |
8192
|
|
371F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092944336.000000000371F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
371F000
|
Size: |
4096
|
|
3D9E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093518239.0000000003D9E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3D9E000
|
Size: |
8192
|
|
164D000
|
unkown
|
page execute and write copy
|
|
|
|
Name: |
00000000.00000002.2092548274.000000000164D000.00000080.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and write copy
|
Base address: |
164D000
|
Size: |
8192
|
|
55B9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1993601947.00000000055B9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55B9000
|
Size: |
12288
|
|
55DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2046852958.00000000055DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55DC000
|
Size: |
4096
|
|
2B5F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092569376.0000000002B5F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2B5F000
|
Size: |
4096
|
|
B947000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2046877215.000000000B947000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B947000
|
Size: |
4096
|
|
55BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994154707.00000000055BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BA000
|
Size: |
20480
|
|
FB1000
|
unkown
|
page execute and write copy
|
|
|
|
Name: |
00000000.00000000.1800189323.0000000000FB1000.00000080.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute and write copy
|
Base address: |
FB1000
|
Size: |
94208
|
|
415E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093655336.000000000415E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
415E000
|
Size: |
8192
|
|
630000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091076751.0000000000630000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
630000
|
Size: |
4096
|
|
56C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1852397219.00000000056C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
56C0000
|
Size: |
172032
|
|
EBE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091587402.0000000000EBE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
EBE000
|
Size: |
8192
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834804695.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
55A7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1981700601.00000000055A7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55A7000
|
Size: |
24576
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834363174.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834775692.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
2CC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091008662.00000000002CC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2CC000
|
Size: |
16384
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833323385.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
6C450000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2101349889.000000006C450000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6C450000
|
Size: |
4096
|
|
61EB4000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2101150267.0000000061EB4000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61EB4000
|
Size: |
12288
|
|
542D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094361469.000000000542D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
542D000
|
Size: |
12288
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833544551.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
61E00000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2101045357.0000000061E00000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
61E00000
|
Size: |
4096
|
|
35DF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092903129.00000000035DF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
35DF000
|
Size: |
4096
|
|
F80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091678746.0000000000F80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F80000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833984063.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
14A9000
|
unkown
|
page execute and write copy
|
|
|
|
Name: |
00000000.00000000.1800396861.00000000014A9000.00000080.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute and write copy
|
Base address: |
14A9000
|
Size: |
1728512
|
|
47A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093885544.00000000047A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
47A0000
|
Size: |
229376
|
|
2FDE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092704582.0000000002FDE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2FDE000
|
Size: |
8192
|
|
11FA000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092044831.00000000011FA000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
11FA000
|
Size: |
4096
|
|
385F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093321473.000000000385F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
385F000
|
Size: |
4096
|
|
14AA000
|
unkown
|
page execute and write copy
|
|
|
|
Name: |
00000000.00000002.2092397879.00000000014AA000.00000080.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and write copy
|
Base address: |
14AA000
|
Size: |
1712128
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834465137.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
4790000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093885544.0000000004790000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4790000
|
Size: |
36864
|
|
515E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094251734.000000000515E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
515E000
|
Size: |
8192
|
|
6C4DE000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2101483007.000000006C4DE000.00000004.00000001.01000000.0000000A.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6C4DE000
|
Size: |
8192
|
|
55A7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994211504.00000000055A7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55A7000
|
Size: |
20480
|
|
4D70000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.1810043576.0000000004D70000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4D70000
|
Size: |
4096
|
|
710000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091098176.0000000000710000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
710000
|
Size: |
8192
|
|
B650000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2097582422.000000000B650000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B650000
|
Size: |
126976
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1831746148.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
3C8000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091036260.00000000003C8000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3C8000
|
Size: |
32768
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833350816.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
902000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091194636.0000000000902000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
902000
|
Size: |
12288
|
|
2E5F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092627989.0000000002E5F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2E5F000
|
Size: |
4096
|
|
55C1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1993726027.00000000055C1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C1000
|
Size: |
28672
|
|
55AF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2058484856.00000000055AF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55AF000
|
Size: |
24576
|
|
107C000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2091797382.000000000107C000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
107C000
|
Size: |
245760
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
B946000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2058389785.000000000B946000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B946000
|
Size: |
12288
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833652724.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
8BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091194636.00000000008BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8BA000
|
Size: |
8192
|
|
389E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093344543.000000000389E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
389E000
|
Size: |
8192
|
|
529F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094294431.000000000529F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
529F000
|
Size: |
4096
|
|
F90000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1808324485.0000000000F90000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F90000
|
Size: |
53248
|
|
55A7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982386056.00000000055A7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55A7000
|
Size: |
24576
|
|
906000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091194636.0000000000906000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
906000
|
Size: |
57344
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
B630000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2097582422.000000000B630000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B630000
|
Size: |
126976
|
|
53EC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094337822.00000000053EC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
53EC000
|
Size: |
16384
|
|
B938000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2058389785.000000000B938000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B938000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
465E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093825653.000000000465E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
465E000
|
Size: |
8192
|
|
55C1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1993601947.00000000055C1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C1000
|
Size: |
28672
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834627935.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
1383000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2092066472.0000000001383000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
1383000
|
Size: |
929792
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
461F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093804898.000000000461F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
461F000
|
Size: |
4096
|
|
FB0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1799811072.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
FB0000
|
Size: |
4096
|
|
552D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094385543.000000000552D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
552D000
|
Size: |
12288
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833604258.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
979000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982026570.0000000000979000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
979000
|
Size: |
4096
|
|
3B1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093431834.0000000003B1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3B1E000
|
Size: |
8192
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833458323.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
98A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982026570.000000000098A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
98A000
|
Size: |
4096
|
|
AEE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091534687.0000000000AEE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
AEE000
|
Size: |
8192
|
|
F7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091659115.0000000000F7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
F7E000
|
Size: |
8192
|
|
39DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093388080.00000000039DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
39DE000
|
Size: |
8192
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1832924589.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
55D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994314718.00000000055D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55D4000
|
Size: |
12288
|
|
475F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093847187.000000000475F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
475F000
|
Size: |
4096
|
|
B93F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2046877215.000000000B93F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B93F000
|
Size: |
4096
|
|
4880000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1806432130.0000000004880000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4880000
|
Size: |
172032
|
|
55A9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1993507113.00000000055A9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55A9000
|
Size: |
12288
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1809393335.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4C10000
|
Size: |
53248
|
|
1469000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2092066472.0000000001469000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
1469000
|
Size: |
106496
|
|
FAE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091696781.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FAE000
|
Size: |
4096
|
|
F90000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1807167886.0000000000F90000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F90000
|
Size: |
53248
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834684524.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
55DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994173310.00000000055DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55DC000
|
Size: |
4096
|
|
3C1F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093454946.0000000003C1F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3C1F000
|
Size: |
4096
|
|
55B3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982386056.00000000055B3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55B3000
|
Size: |
49152
|
|
14A9000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2092066472.00000000014A9000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
14A9000
|
Size: |
4096
|
|
55BC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1985861858.00000000055BC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BC000
|
Size: |
12288
|
|
55DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994089555.00000000055DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55DC000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834830950.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833744477.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
55D9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1985486782.00000000055D9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55D9000
|
Size: |
16384
|
|
4D90000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.1810012445.0000000004D90000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4D90000
|
Size: |
4096
|
|
4DA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.1809848247.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4DA0000
|
Size: |
8192
|
|
3E9F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093539608.0000000003E9F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3E9F000
|
Size: |
4096
|
|
55B3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982802391.00000000055B3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55B3000
|
Size: |
53248
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833710600.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
43DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093739592.00000000043DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
43DE000
|
Size: |
8192
|
|
55C9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2058484856.00000000055C9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C9000
|
Size: |
4096
|
|
55DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994280101.00000000055DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55DC000
|
Size: |
4096
|
|
55BF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994120405.00000000055BF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BF000
|
Size: |
36864
|
|
61EB7000
|
direct allocation
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2101181791.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page readonly
|
Base address: |
61EB7000
|
Size: |
86016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
55B9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1993507113.00000000055B9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55B9000
|
Size: |
12288
|
|
F90000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1807388865.0000000000F90000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F90000
|
Size: |
53248
|
|
55A7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994019660.00000000055A7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55A7000
|
Size: |
20480
|
|
3C5E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093475746.0000000003C5E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3C5E000
|
Size: |
8192
|
|
55BB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2046714453.00000000055BB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BB000
|
Size: |
36864
|
|
47DA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093885544.00000000047DA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
47DA000
|
Size: |
16384
|
|
55C1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982480478.00000000055C1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C1000
|
Size: |
28672
|
|
934000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091194636.0000000000934000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
934000
|
Size: |
249856
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
55C9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2058345558.00000000055C9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C9000
|
Size: |
4096
|
|
F3E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091637827.0000000000F3E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
F3E000
|
Size: |
8192
|
|
55BF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982706790.00000000055BF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BF000
|
Size: |
36864
|
|
61ED0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2101265639.0000000061ED0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61ED0000
|
Size: |
4096
|
|
1065000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2091797382.0000000001065000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
1065000
|
Size: |
77824
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1835155166.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
55BF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1985773908.00000000055BF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BF000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1832008556.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
3FDF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093589696.0000000003FDF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3FDF000
|
Size: |
4096
|
|
6C4F0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2101543962.000000006C4F0000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6C4F0000
|
Size: |
4096
|
|
55CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1993601947.00000000055CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55CE000
|
Size: |
24576
|
|
F90000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1808705796.0000000000F90000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F90000
|
Size: |
53248
|
|
55C1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1985773908.00000000055C1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C1000
|
Size: |
28672
|
|
55D9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1985745132.00000000055D9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55D9000
|
Size: |
16384
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833419494.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
2D5F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092608542.0000000002D5F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D5F000
|
Size: |
4096
|
|
2F9F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092678842.0000000002F9F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F9F000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833502840.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1832188211.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
311E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092753809.000000000311E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
311E000
|
Size: |
8192
|
|
4D80000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.1809981390.0000000004D80000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4D80000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833859480.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1832333241.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
339E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092843783.000000000339E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
339E000
|
Size: |
8192
|
|
55DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994366386.00000000055DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55DC000
|
Size: |
4096
|
|
55BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1993601947.00000000055BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BD000
|
Size: |
8192
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833678983.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
30DF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092730450.00000000030DF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
30DF000
|
Size: |
4096
|
|
55DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1993568396.00000000055DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55DC000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834969200.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
55CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994211504.00000000055CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55CE000
|
Size: |
36864
|
|
11E8000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2091797382.00000000011E8000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
11E8000
|
Size: |
8192
|
|
505E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094230362.000000000505E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
505E000
|
Size: |
8192
|
|
55DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994211504.00000000055DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55DC000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1832088726.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834260948.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
55D5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994366386.00000000055D5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55D5000
|
Size: |
8192
|
|
990000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982026570.0000000000990000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
990000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
55DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994105535.00000000055DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55DC000
|
Size: |
4096
|
|
5592000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094407948.0000000005592000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5592000
|
Size: |
8192
|
|
2C5F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092589458.0000000002C5F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2C5F000
|
Size: |
4096
|
|
335F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092822627.000000000335F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
335F000
|
Size: |
4096
|
|
3C3000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091036260.00000000003C3000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3C3000
|
Size: |
8192
|
|
55BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982570322.00000000055BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BD000
|
Size: |
45056
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1831960536.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
55A7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1985486782.00000000055A7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55A7000
|
Size: |
24576
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1832506998.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
439F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093719494.000000000439F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
439F000
|
Size: |
4096
|
|
4DC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2094125502.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4DC0000
|
Size: |
4096
|
|
8FD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091194636.00000000008FD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8FD000
|
Size: |
8192
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2094146280.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4DD0000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833902613.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1809245019.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4C10000
|
Size: |
53248
|
|
5590000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094407948.0000000005590000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5590000
|
Size: |
4096
|
|
B8A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2063527522.000000000B8A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B8A0000
|
Size: |
167936
|
|
55DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994297947.00000000055DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55DC000
|
Size: |
4096
|
|
61ED4000
|
direct allocation
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2101316602.0000000061ED4000.00000002.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page readonly
|
Base address: |
61ED4000
|
Size: |
126976
|
|
6C4CD000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2101456032.000000006C4CD000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6C4CD000
|
Size: |
69632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1811355708.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
49152
|
|
F90000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1808036881.0000000000F90000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F90000
|
Size: |
53248
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833284645.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1835022976.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
B630000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1965594629.000000000B630000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B630000
|
Size: |
184320
|
|
325E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092799920.000000000325E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
325E000
|
Size: |
8192
|
|
B630000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1878599332.000000000B630000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B630000
|
Size: |
167936
|
|
56C8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094593365.00000000056C8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
56C8000
|
Size: |
1110016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
URLs found in memory or binary data |
Networking |
|
|
55BE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1974204160.00000000055BE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BE000
|
Size: |
40960
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
321F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092777873.000000000321F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
321F000
|
Size: |
4096
|
|
6C4F1000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000002.2101575277.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
6C4F1000
|
Size: |
1695744
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833381613.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834858456.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
745000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091116867.0000000000745000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
745000
|
Size: |
8192
|
|
55CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994019660.00000000055CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55CE000
|
Size: |
28672
|
|
55CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994331098.00000000055CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55CE000
|
Size: |
24576
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1831801385.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
411F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093634745.000000000411F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
411F000
|
Size: |
4096
|
|
F90000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1807565798.0000000000F90000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F90000
|
Size: |
53248
|
|
983000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982026570.0000000000983000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
983000
|
Size: |
4096
|
|
78E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091157204.000000000078E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
78E000
|
Size: |
8192
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1832570784.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
3D5F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093497608.0000000003D5F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3D5F000
|
Size: |
4096
|
|
4D5F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094062012.0000000004D5F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4D5F000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1832978010.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833628418.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
918000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091194636.0000000000918000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
918000
|
Size: |
106496
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
B691000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2097582422.000000000B691000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B691000
|
Size: |
389120
|
|
55BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982480478.00000000055BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BA000
|
Size: |
20480
|
|
4DA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.1809941015.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4DA0000
|
Size: |
8192
|
|
55BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1993507113.00000000055BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BD000
|
Size: |
8192
|
|
519E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094273067.000000000519E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
519E000
|
Size: |
8192
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1832431377.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
8B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091194636.00000000008B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8B0000
|
Size: |
32768
|
|
4760000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093866452.0000000004760000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4760000
|
Size: |
4096
|
|
4780000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093885544.0000000004780000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4780000
|
Size: |
4096
|
|
44DF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093761816.00000000044DF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
44DF000
|
Size: |
4096
|
|
6C6D5000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2101891401.000000006C6D5000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6C6D5000
|
Size: |
73728
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
55C1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1982531839.00000000055C1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C1000
|
Size: |
28672
|
|
55CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994120405.00000000055CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55CE000
|
Size: |
28672
|
|
149C000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2092066472.000000000149C000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
149C000
|
Size: |
32768
|
|
61E01000
|
direct allocation
|
page execute read
|
|
|
|
Name: |
00000000.00000002.2101071177.0000000061E01000.00000020.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute read
|
Base address: |
61E01000
|
Size: |
733184
|
|
6C451000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000002.2101373842.000000006C451000.00000020.00000001.01000000.0000000A.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
6C451000
|
Size: |
507904
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833017482.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
399F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093367235.000000000399F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
399F000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833580315.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
55C9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2058555825.00000000055C9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C9000
|
Size: |
4096
|
|
6C6CE000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2101798061.000000006C6CE000.00000004.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6C6CE000
|
Size: |
4096
|
|
429E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093698100.000000000429E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
429E000
|
Size: |
8192
|
|
401E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2093612528.000000000401E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
401E000
|
Size: |
8192
|
|
F90000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1807049464.0000000000F90000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F90000
|
Size: |
53248
|
|
1034000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2091797382.0000000001034000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
1034000
|
Size: |
196608
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1832262293.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
F90000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1807645725.0000000000F90000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F90000
|
Size: |
53248
|
|
B940000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2058389785.000000000B940000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B940000
|
Size: |
4096
|
|
55CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994366386.00000000055CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55CE000
|
Size: |
24576
|
|
2E9E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092647267.0000000002E9E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2E9E000
|
Size: |
8192
|
|
55CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1993688081.00000000055CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55CE000
|
Size: |
24576
|
|
61ECC000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2101213102.0000000061ECC000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61ECC000
|
Size: |
4096
|
|
55C1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1981566361.00000000055C1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C1000
|
Size: |
28672
|
|
F90000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1808464806.0000000000F90000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F90000
|
Size: |
53248
|
|
972000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091194636.0000000000972000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
972000
|
Size: |
131072
|
|
55B5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1981566361.00000000055B5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55B5000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
4DB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2094105156.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4DB0000
|
Size: |
4096
|
|
55BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1993726027.00000000055BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BD000
|
Size: |
8192
|
|
361E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2092923395.000000000361E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
361E000
|
Size: |
8192
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1833824701.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
B88E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2097793993.000000000B88E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
B88E000
|
Size: |
8192
|
|
FA0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2091696781.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FA0000
|
Size: |
20480
|
|
55BC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2094407948.00000000055BC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BC000
|
Size: |
32768
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834071733.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1834408769.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
164C000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2092527906.000000000164C000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
164C000
|
Size: |
4096
|
|
55BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994019660.00000000055BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BA000
|
Size: |
57344
|
|
B78E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2097773345.000000000B78E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
B78E000
|
Size: |
8192
|
|
55BB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1994211504.00000000055BB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55BB000
|
Size: |
53248
|
|
F90000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1808185298.0000000000F90000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F90000
|
Size: |
53248
|
|
61ECD000
|
direct allocation
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2101236537.0000000061ECD000.00000002.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page readonly
|
Base address: |
61ECD000
|
Size: |
12288
|
|
4781000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1832710428.0000000004781000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4781000
|
Size: |
4096
|
|
55AF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2047012290.00000000055AF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55AF000
|
Size: |
24576
|
|
| Base address | Regiontype | Protect | Dumpstage | TargetID | Size | Name | Signature Hits (Behavior Group) |
|---|---|---|---|---|---|---|---|
| 451E000 | stack | page read and write | process exit | 0 | 8192 | 00000000.00000002.2093783449.000000000451E000.00000004.00000010.00020000.00000000.sdmp | |
| 55C9000 | heap | page read and write | process exit | 0 | 4096 | 00000000.00000002.2094500755.00000000055C9000.00000004.00000020.00020000.00000000.sdmp | |
| 6C4E2000 | unkown | page readonly | process exit | 0 | 24576 | 00000000.00000002.2101512630.000000006C4E2000.00000002.00000001.01000000.0000000A.sdmp | Sample file is different than original file name gathered from version info (System Summary) |
| 55A7000 | heap | page read and write | free memory | 0 | 24576 | 00000000.00000003.1982570322.00000000055A7000.00000004.00000020.00020000.00000000.sdmp | |
| 4C10000 | direct allocation | page read and write | process exit | 0 | 4096 | 00000000.00000002.2094017692.0000000004C10000.00000004.00001000.00020000.00000000.sdmp | |
| 11FC000 | unkown | page execute and read and write | process exit | 0 | 1589248 | 00000000.00000002.2092066472.00000000011FC000.00000040.00000001.01000000.00000003.sdmp | |
| 501F000 | stack | page read and write | process exit | 0 | 4096 | 00000000.00000002.2094208220.000000000501F000.00000004.00000010.00020000.00000000.sdmp | |
| 4781000 | heap | page read and write | free memory | 0 | 4096 | 00000000.00000003.1832658212.0000000004781000.00000004.00000020.00020000.00000000.sdmp | |
| 55DC000 | heap | page read and write | process exit | 0 | 4096 | 00000000.00000002.2094500755.00000000055DC000.00000004.00000020.00020000.00000000.sdmp | |
| 6C68F000 | unkown | page readonly | process exit | 0 | 258048 | 00000000.00000002.2101748953.000000006C68F000.00000002.00000001.01000000.00000009.sdmp | SQL strings found in memory and binary data (System Summary); Binary contains paths to debug symbols (Compliance, System Summary) |
| F90000 | direct allocation | page read and write | free memory | 0 | 53248 | 00000000.00000003.1807278706.0000000000F90000.00000004.00001000.00020000.00000000.sdmp | |
| 4EDF000 | stack | page read and write | process exit | 0 | 4096 | 00000000.00000002.2094166765.0000000004EDF000.00000004.00000010.00020000.00000000.sdmp | |
| 9ED000 | stack | page read and write | process exit | 0 | 12288 | 00000000.00000002.2091514478.00000000009ED000.00000004.00000010.00020000.00000000.sdmp | |
| EFC000 | stack | page read and write | process exit | 0 | 16384 | 00000000.00000002.2091613724.0000000000EFC000.00000004.00000010.00020000.00000000.sdmp | |
| 55BB000 | heap | page read and write | free memory | 0 | 53248 | 00000000.00000003.2058259199.00000000055BB000.00000004.00000020.00020000.00000000.sdmp | |
| 4781000 | heap | page read and write | free memory | 0 | 4096 | 00000000.00000003.1833942702.0000000004781000.00000004.00000020.00020000.00000000.sdmp | |
| 55C4000 | heap | page read and write | free memory | 0 | 16384 | 00000000.00000003.1982766085.00000000055C4000.00000004.00000020.00020000.00000000.sdmp | |
| 55C1000 | heap | page read and write | free memory | 0 | 28672 | 00000000.00000003.1981678581.00000000055C1000.00000004.00000020.00020000.00000000.sdmp | |
| 4781000 | heap | page read and write | free memory | 0 | 4096 | 00000000.00000003.1834312327.0000000004781000.00000004.00000020.00020000.00000000.sdmp | |
| 4781000 | heap | page read and write | free memory | 0 | 4096 | 00000000.00000003.1833117117.0000000004781000.00000004.00000020.00020000.00000000.sdmp | |
| 375E000 | stack | page read and write | process exit | 0 | 8192 | 00000000.00000002.2092963941.000000000375E000.00000004.00000010.00020000.00000000.sdmp | |
| 55AF000 | heap | page read and write | free memory | 0 | 24576 | 00000000.00000003.2058259199.00000000055AF000.00000004.00000020.00020000.00000000.sdmp | |
| 55C1000 | heap | page read and write | free memory | 0 | 28672 | 00000000.00000003.1982802391.00000000055C1000.00000004.00000020.00020000.00000000.sdmp | |
| 55C1000 | heap | page read and write | free memory | 0 | 28672 | 00000000.00000003.1982857433.00000000055C1000.00000004.00000020.00020000.00000000.sdmp | |
| 55C1000 | heap | page read and write | free memory | 0 | 28672 | 00000000.00000003.1985486782.00000000055C1000.00000004.00000020.00020000.00000000.sdmp | |
| 3ADF000 | stack | page read and write | process exit | 0 | 4096 | 00000000.00000002.2093410016.0000000003ADF000.00000004.00000010.00020000.00000000.sdmp | |
| 55BB000 | heap | page read and write | free memory | 0 | 53248 | 00000000.00000003.2058484856.00000000055BB000.00000004.00000020.00020000.00000000.sdmp | |
| 55C1000 | heap | page read and write | free memory | 0 | 28672 | 00000000.00000003.1982386056.00000000055C1000.00000004.00000020.00020000.00000000.sdmp | |
| 52ED000 | stack | page read and write | process exit | 0 | 12288 | 00000000.00000002.2094315283.00000000052ED000.00000004.00000010.00020000.00000000.sdmp | |
| FA7000 | heap | page read and write | process exit | 0 | 12288 | 00000000.00000002.2091696781.0000000000FA7000.00000004.00000020.00020000.00000000.sdmp | |