| Base address | Regiontype | Protect | Size | TargetID | Dumpstage | Name | Signature Hits [Behavior Group, Mitre Attack] |
|---|---|---|---|---|---|---|---|
| 7FFAAC36D000 | trusted library allocation | page execute and read and write | 12288 | 0 | process exit | 00000000.00000002.1915349590.00007FFAAC36D000.00000040.00000800.00020000.00000000.sdmp | |
| 7FFAAC41C000 | trusted library allocation | page execute and read and write | 12288 | 0 | process exit | 00000000.00000002.1915596614.00007FFAAC41C000.00000040.00000800.00020000.00000000.sdmp | |
| 219C75E0000 | heap | page read and write | 24576 | 0 | process exit | 00000000.00000002.1914181434.00000219C75E0000.00000004.00000020.00020000.00000000.sdmp | URLs found in memory or binary data [Behavior Group: Networking] |
| 219AF222000 | trusted library allocation | page read and write | 12288 | 0 | process exit | 00000000.00000002.1878208519.00000219AF222000.00000004.00000800.00020000.00000000.sdmp | |
| 9B22AFE000 | stack | page read and write | 8192 | 0 | process exit | 00000000.00000002.1877417953.0000009B22AFE000.00000004.00000010.00020000.00000000.sdmp | |
| 1203000 | heap | page read and write | 4096 | 3 | process exit | 00000003.00000002.1520353981.0000000001203000.00000004.00000020.00020000.00000000.sdmp | |
| 219BF3AA000 | trusted library allocation | page read and write | 290816 | 0 | process exit | 00000000.00000002.1899446660.00000219BF3AA000.00000004.00000800.00020000.00000000.sdmp | |
| 11F8000 | heap | page read and write | 40960 | 3 | process exit | 00000003.00000002.1520290770.00000000011F8000.00000004.00000020.00020000.00000000.sdmp | Found many strings related to Crypto-Wallets (likely being stolen) [Behavior Group: Stealing of Sensitive Information]; AV process strings found (often used to terminate AV products) [Behavior Group: Lowering of HIPS / PFW / Operating System Security Settings, Mitre Attack: Security Software Discovery] |
| 219AD58F000 | heap | page read and write | 12288 | 0 | process exit | 00000000.00000002.1877788861.00000219AD58F000.00000004.00000020.00020000.00000000.sdmp | |
| DFB000 | stack | page read and write | 20480 | 3 | process exit | 00000003.00000002.1520121199.0000000000DFB000.00000004.00000010.00020000.00000000.sdmp | |
| 3810000 | trusted library allocation | page read and write | 4096 | 3 | process exit | 00000003.00000002.1520876786.0000000003810000.00000004.00000800.00020000.00000000.sdmp | |
| 9B23235000 | stack | page read and write | 45056 | 0 | process exit | 00000000.00000002.1877567785.0000009B23235000.00000004.00000010.00020000.00000000.sdmp | |
| 3B10000 | heap | page read and write | 253952 | 3 | process exit | 00000003.00000002.1520991340.0000000003B10000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFB1A752000 | unkown | page readonly | 8192 | 0 | process exit | 00000000.00000002.1919139075.00007FFB1A752000.00000002.00000001.01000000.00000009.sdmp | |
| 7FFAAC51A000 | trusted library allocation | page read and write | 24576 | 0 | process exit | 00000000.00000002.1916060677.00007FFAAC51A000.00000004.00000800.00020000.00000000.sdmp | |
| 1259000 | heap | page read and write | 12288 | 3 | process exit | 00000003.00000002.1520418828.0000000001259000.00000004.00000020.00020000.00000000.sdmp | |
| 219AD705000 | heap | page read and write | 40960 | 0 | process exit | 00000000.00000002.1878167263.00000219AD705000.00000004.00000020.00020000.00000000.sdmp | |
| 11B0000 | heap | page read and write | 28672 | 3 | process exit | 00000003.00000002.1520232488.00000000011B0000.00000004.00000020.00020000.00000000.sdmp | |
| 9B22DFE000 | stack | page read and write | 8192 | 0 | process exit | 00000000.00000002.1877515581.0000009B22DFE000.00000004.00000010.00020000.00000000.sdmp | |
| 219AD6C0000 | heap | page read and write | 4096 | 0 | process exit | 00000000.00000002.1878114332.00000219AD6C0000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFAAC560000 | trusted library allocation | page read and write | 65536 | 0 | process exit | 00000000.00000002.1916377290.00007FFAAC560000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFAAC511000 | trusted library allocation | page read and write | 32768 | 0 | process exit | 00000000.00000002.1916060677.00007FFAAC511000.00000004.00000800.00020000.00000000.sdmp | |
| 219AF220000 | trusted library allocation | page read and write | 4096 | 0 | process exit | 00000000.00000002.1878208519.00000219AF220000.00000004.00000800.00020000.00000000.sdmp | |
| 3680000 | heap | page read and write | 4096 | 3 | process exit | 00000003.00000002.1520822501.0000000003680000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFAAC6B0000 | trusted library allocation | page read and write | 24576 | 0 | process exit | 00000000.00000002.1918617705.00007FFAAC6B0000.00000004.00000800.00020000.00000000.sdmp | |
| 14FE000 | stack | page read and write | 8192 | 3 | process exit | 00000003.00000002.1520562081.00000000014FE000.00000004.00000010.00020000.00000000.sdmp | |
| 219AD700000 | heap | page read and write | 16384 | 0 | process exit | 00000000.00000002.1878167263.00000219AD700000.00000004.00000020.00020000.00000000.sdmp | |
| 9B22D7E000 | stack | page read and write | 8192 | 0 | process exit | 00000000.00000002.1877498499.0000009B22D7E000.00000004.00000010.00020000.00000000.sdmp | |
| 219AD410000 | heap | page read and write | 16384 | 0 | process exit | 00000000.00000002.1877658966.00000219AD410000.00000004.00000020.00020000.00000000.sdmp | |
| 219AD585000 | heap | page read and write | 4096 | 0 | process exit | 00000000.00000002.1877788861.00000219AD585000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFAAC680000 | trusted library allocation | page read and write | 12288 | 0 | process exit | 00000000.00000002.1918388290.00007FFAAC680000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFAAC610000 | trusted library allocation | page read and write | 65536 | 0 | process exit | 00000000.00000002.1917570342.00007FFAAC610000.00000004.00000800.00020000.00000000.sdmp | |
| 219C7490000 | heap | page read and write | 180224 | 0 | process exit | 00000000.00000002.1912878089.00000219C7490000.00000004.00000020.00020000.00000000.sdmp | |
| 2F00000 | heap | page read and write | 16384 | 3 | process exit | 00000003.00000002.1520674565.0000000002F00000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFAAC5A0000 | trusted library allocation | page read and write | 65536 | 0 | process exit | 00000000.00000002.1916798020.00007FFAAC5A0000.00000004.00000800.00020000.00000000.sdmp | |
| 219AF7C6000 | trusted library allocation | page read and write | 24576 | 0 | process exit | 00000000.00000002.1878353723.00000219AF7C6000.00000004.00000800.00020000.00000000.sdmp | |
| 7DF421290000 | trusted library allocation | page execute and read and write | 4096 | 0 | process exit | 00000000.00000002.1915153015.00007DF421290000.00000040.00000800.00020000.00000000.sdmp | |
| 7FFAAC6C0000 | trusted library allocation | page read and write | 49152 | 0 | process exit | 00000000.00000002.1918674360.00007FFAAC6C0000.00000004.00000800.00020000.00000000.sdmp | |
| 9B22BFD000 | stack | page read and write | 12288 | 0 | process exit | 00000000.00000002.1877449265.0000009B22BFD000.00000004.00000010.00020000.00000000.sdmp | |
| 7FFAAC416000 | trusted library allocation | page read and write | 24576 | 0 | process exit | 00000000.00000002.1915546463.00007FFAAC416000.00000004.00000800.00020000.00000000.sdmp | |
| 219AF370000 | heap | page execute and read and write | 4096 | 0 | process exit | 00000000.00000002.1878333129.00000219AF370000.00000040.00000020.00020000.00000000.sdmp | |
| 219C7713000 | heap | page read and write | 147456 | 0 | process exit | 00000000.00000002.1914286703.00000219C7713000.00000004.00000020.00020000.00000000.sdmp | |
| 219AF7E1000 | trusted library allocation | page read and write | 3407872 | 0 | process exit | 00000000.00000002.1878353723.00000219AF7E1000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFAAC6D2000 | trusted library allocation | page read and write | 28672 | 0 | process exit | 00000000.00000002.1918767629.00007FFAAC6D2000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFB1A755000 | unkown | page readonly | 4096 | 0 | process exit | 00000000.00000002.1919139075.00007FFB1A755000.00000002.00000001.01000000.00000009.sdmp | |
| 219C7384000 | heap | page read and write | 364544 | 0 | process exit | 00000000.00000002.1912376822.00000219C7384000.00000004.00000020.00020000.00000000.sdmp | |
| 1180000 | heap | page read and write | 8192 | 3 | process exit | 00000003.00000002.1520214900.0000000001180000.00000004.00000020.00020000.00000000.sdmp | |
| 219AD640000 | trusted library allocation | page read and write | 16384 | 0 | process exit | 00000000.00000002.1878029274.00000219AD640000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFAAC650000 | trusted library allocation | page read and write | 65536 | 0 | process exit | 00000000.00000002.1918060411.00007FFAAC650000.00000004.00000800.00020000.00000000.sdmp | Found many strings related to Crypto-Wallets (likely being stolen) [Behavior Group: Stealing of Sensitive Information] |
| 219C74C0000 | heap | page read and write | 20480 | 0 | process exit | 00000000.00000002.1912878089.00000219C74C0000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFAAC410000 | trusted library allocation | page read and write | 8192 | 0 | process exit | 00000000.00000002.1915503319.00007FFAAC410000.00000004.00000800.00020000.00000000.sdmp | |
| 219AD589000 | heap | page read and write | 4096 | 0 | process exit | 00000000.00000002.1877788861.00000219AD589000.00000004.00000020.00020000.00000000.sdmp | |
| 7421F000 | unkown | page readonly | 12288 | 3 | process exit | 00000003.00000002.1521121179.000000007421F000.00000002.00000001.01000000.00000008.sdmp | |
| 219B11DE000 | trusted library allocation | page read and write | 2883584 | 0 | process exit | 00000000.00000002.1878353723.00000219B11DE000.00000004.00000800.00020000.00000000.sdmp | |
| 219C7514000 | heap | page read and write | 233472 | 0 | process exit | 00000000.00000002.1913215813.00000219C7514000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFAAC550000 | trusted library allocation | page execute and read and write | 12288 | 0 | process exit | 00000000.00000002.1916343053.00007FFAAC550000.00000040.00000800.00020000.00000000.sdmp | |
| 219C7747000 | heap | page read and write | 8192 | 0 | process exit | 00000000.00000002.1914286703.00000219C7747000.00000004.00000020.00020000.00000000.sdmp | |
| 219AF7D1000 | trusted library allocation | page read and write | 61440 | 0 | process exit | 00000000.00000002.1878353723.00000219AF7D1000.00000004.00000800.00020000.00000000.sdmp | |
| 1156000 | heap | page read and write | 8192 | 3 | process exit | 00000003.00000002.1520155512.0000000001156000.00000004.00000020.00020000.00000000.sdmp | |
| 219B0C0E000 | trusted library allocation | page read and write | 2068480 | 0 | process exit | 00000000.00000002.1878353723.00000219B0C0E000.00000004.00000800.00020000.00000000.sdmp | URLs found in memory or binary data [Behavior Group: Networking] |
| 7FFAAC690000 | trusted library allocation | page read and write | 65536 | 0 | process exit | 00000000.00000002.1918425714.00007FFAAC690000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFAAC620000 | trusted library allocation | page read and write | 65536 | 0 | process exit | 00000000.00000002.1917684938.00007FFAAC620000.00000004.00000800.00020000.00000000.sdmp | |
| 2DFD000 | stack | page read and write | 12288 | 3 | process exit | 00000003.00000002.1520635591.0000000002DFD000.00000004.00000010.00020000.00000000.sdmp | |
| 219C773A000 | heap | page read and write | 49152 | 0 | process exit | 00000000.00000002.1914286703.00000219C773A000.00000004.00000020.00020000.00000000.sdmp | |
| 37DF000 | stack | page read and write | 4096 | 3 | process exit | 00000003.00000002.1520858651.00000000037DF000.00000004.00000010.00020000.00000000.sdmp | |
| 219AF7C3000 | trusted library allocation | page read and write | 8192 | 0 | process exit | 00000000.00000002.1878353723.00000219AF7C3000.00000004.00000800.00020000.00000000.sdmp | |
| 400000 | remote allocation | page execute and read and write | 327680 | 3 | process exit | 00000003.00000002.1520058217.0000000000400000.00000040.00000400.00020000.00000000.sdmp | |
| 7FFB1A750000 | unkown | page read and write | 8192 | 0 | process exit | 00000000.00000002.1919106348.00007FFB1A750000.00000004.00000001.01000000.00000009.sdmp | |
| 219AD567000 | heap | page read and write | 90112 | 0 | process exit | 00000000.00000002.1877788861.00000219AD567000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFAAC520000 | trusted library allocation | page execute and read and write | 4096 | 0 | process exit | 00000000.00000002.1916175892.00007FFAAC520000.00000040.00000800.00020000.00000000.sdmp | |
| 219AD58B000 | heap | page read and write | 12288 | 0 | process exit | 00000000.00000002.1877788861.00000219AD58B000.00000004.00000020.00020000.00000000.sdmp | |
| 9B22C7E000 | stack | page read and write | 8192 | 0 | process exit | 00000000.00000002.1877464945.0000009B22C7E000.00000004.00000010.00020000.00000000.sdmp | |
| 1205000 | heap | page read and write | 323584 | 3 | process exit | 00000003.00000002.1520353981.0000000001205000.00000004.00000020.00020000.00000000.sdmp | Found many strings related to Crypto-Wallets (likely being stolen) [Behavior Group: Stealing of Sensitive Information]; May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) [Behavior Group: Malware Analysis System Evasion, Mitre Attack: Security Software Discovery]; URLs found in memory or binary data [Behavior Group: Networking] |
| 219C7738000 | heap | page read and write | 4096 | 0 | process exit | 00000000.00000002.1914286703.00000219C7738000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFAAC420000 | trusted library allocation | page execute and read and write | 36864 | 0 | process exit | 00000000.00000002.1915639672.00007FFAAC420000.00000040.00000800.00020000.00000000.sdmp | |
| 1150000 | heap | page read and write | 16384 | 3 | process exit | 00000003.00000002.1520155512.0000000001150000.00000004.00000020.00020000.00000000.sdmp | |
| 219C74D4000 | heap | page read and write | 258048 | 0 | process exit | 00000000.00000002.1913215813.00000219C74D4000.00000004.00000020.00020000.00000000.sdmp | |
| 219AFB22000 | trusted library allocation | page read and write | 143360 | 0 | process exit | 00000000.00000002.1878353723.00000219AFB22000.00000004.00000800.00020000.00000000.sdmp | |
| 219AD564000 | heap | page read and write | 8192 | 0 | process exit | 00000000.00000002.1877788861.00000219AD564000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFAAC6A0000 | trusted library allocation | page read and write | 57344 | 0 | process exit | 00000000.00000002.1918524506.00007FFAAC6A0000.00000004.00000800.00020000.00000000.sdmp | |
| 13BE000 | stack | page read and write | 8192 | 3 | process exit | 00000003.00000002.1520526397.00000000013BE000.00000004.00000010.00020000.00000000.sdmp | |
| 7FFAAC500000 | trusted library allocation | page read and write | 65536 | 0 | process exit | 00000000.00000002.1915963718.00007FFAAC500000.00000004.00000800.00020000.00000000.sdmp | |
| 219AD57F000 | heap | page read and write | 8192 | 0 | process exit | 00000000.00000002.1877788861.00000219AD57F000.00000004.00000020.00020000.00000000.sdmp | |
| 219C76C0000 | heap | page read and write | 53248 | 0 | process exit | 00000000.00000002.1914286703.00000219C76C0000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFAAC630000 | trusted library allocation | page read and write | 65536 | 0 | process exit | 00000000.00000002.1917841941.00007FFAAC630000.00000004.00000800.00020000.00000000.sdmp | |
| 219C7569000 | heap | page read and write | 155648 | 0 | process exit | 00000000.00000002.1913923032.00000219C7569000.00000004.00000020.00020000.00000000.sdmp | |
| 9B22B7E000 | stack | page read and write | 8192 | 0 | process exit | 00000000.00000002.1877433357.0000009B22B7E000.00000004.00000010.00020000.00000000.sdmp | |
| 7FFAAC446000 | trusted library allocation | page execute and read and write | 69632 | 0 | process exit | 00000000.00000002.1915710276.00007FFAAC446000.00000040.00000800.00020000.00000000.sdmp | |
| 219AD6F5000 | heap | page read and write | 24576 | 0 | process exit | 00000000.00000002.1878130571.00000219AD6F5000.00000004.00000020.00020000.00000000.sdmp | |
| 1170000 | heap | page read and write | 4096 | 3 | process exit | 00000003.00000002.1520191863.0000000001170000.00000004.00000020.00040000.00000000.sdmp | |
| 219AF260000 | heap | page execute and read and write | 4096 | 0 | process exit | 00000000.00000002.1878274766.00000219AF260000.00000040.00000020.00020000.00000000.sdmp | |
| 3813000 | trusted library allocation | page read and write | 65536 | 3 | process exit | 00000003.00000002.1520897255.0000000003813000.00000004.00000800.00020000.00000000.sdmp | URLs found in memory or binary data [Behavior Group: Networking] |
| 74200000 | unkown | page readonly | 4096 | 3 | process exit | 00000003.00000002.1521039399.0000000074200000.00000002.00000001.01000000.00000008.sdmp | |
| 219AD430000 | heap | page read and write | 4096 | 0 | process exit | 00000000.00000002.1877676776.00000219AD430000.00000004.00000020.00020000.00000000.sdmp | |
| 38AC000 | trusted library allocation | page read and write | 77824 | 3 | process exit | 00000003.00000002.1520942995.00000000038AC000.00000004.00000800.00020000.00000000.sdmp | |
| 1270000 | heap | page read and write | 40960 | 3 | process exit | 00000003.00000002.1520481147.0000000001270000.00000004.00000020.00020000.00000000.sdmp | |
| 219BF5FA000 | trusted library allocation | page read and write | 7712768 | 0 | process exit | 00000000.00000002.1899446660.00000219BF5FA000.00000004.00000800.00020000.00000000.sdmp | URLs found in memory or binary data [Behavior Group: Networking] |
| 9B227C5000 | stack | page read and write | 45056 | 0 | process exit | 00000000.00000002.1877379610.0000009B227C5000.00000004.00000010.00020000.00000000.sdmp | |
| 3910000 | trusted library allocation | page read and write | 4096 | 3 | process exit | 00000003.00000002.1520970423.0000000003910000.00000004.00000800.00020000.00000000.sdmp | |
| 366F000 | stack | page read and write | 4096 | 3 | process exit | 00000003.00000002.1520804209.000000000366F000.00000004.00000010.00020000.00000000.sdmp | |
| 219B0E08000 | trusted library allocation | page read and write | 172032 | 0 | process exit | 00000000.00000002.1878353723.00000219B0E08000.00000004.00000800.00020000.00000000.sdmp | |
| 219AD552000 | heap | page read and write | 32768 | 0 | process exit | 00000000.00000002.1877709202.00000219AD552000.00000004.00000020.00020000.00000000.sdmp | |
| 219AF280000 | heap | page read and write | 16384 | 0 | process exit | 00000000.00000002.1878291667.00000219AF280000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFAAC5B0000 | trusted library allocation | page read and write | 65536 | 0 | process exit | 00000000.00000002.1916894649.00007FFAAC5B0000.00000004.00000800.00020000.00000000.sdmp | |
| 219BF5EB000 | trusted library allocation | page read and write | 12288 | 0 | process exit | 00000000.00000002.1899446660.00000219BF5EB000.00000004.00000800.00020000.00000000.sdmp | |

219AD4E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877709202.00000219AD4E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
219AD4E0000
|
Size: |
462848
|
|
7FFB1A746000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.1919035524.00007FFB1A746000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7FFB1A746000
|
Size: |
40960
|
|
219BF381000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1899446660.00000219BF381000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219BF381000
|
Size: |
53248
|
|
219AD5A1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877788861.00000219AD5A1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
219AD5A1000
|
Size: |
16384
|
|
219B0E34000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878353723.00000219B0E34000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219B0E34000
|
Size: |
364544
|
|
9B23D0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877624561.0000009B23D0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9B23D0E000
|
Size: |
8192
|
|
7FFAAC542000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1916257601.00007FFAAC542000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC542000
|
Size: |
49152
|
|
7421D000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1521101003.000000007421D000.00000004.00000001.01000000.00000008.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7421D000
|
Size: |
8192
|
|
74216000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000002.1521080624.0000000074216000.00000002.00000001.01000000.00000008.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
74216000
|
Size: |
28672
|
|
9B22CBF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877480544.0000009B22CBF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9B22CBF000
|
Size: |
4096
|
|
11E3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520290770.00000000011E3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11E3000
|
Size: |
81920
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
9B2333B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877606653.0000009B2333B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9B2333B000
|
Size: |
20480
|
|
7FFAAC364000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1915279969.00007FFAAC364000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC364000
|
Size: |
36864
|
|
219AF360000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878313975.00000219AF360000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
219AF360000
|
Size: |
4096
|
|
219BF3F5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1899446660.00000219BF3F5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219BF3F5000
|
Size: |
2015232
|
|
7FFAAC360000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1915185976.00007FFAAC360000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC360000
|
Size: |
4096
|
|
9B22A7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877400811.0000009B22A7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9B22A7E000
|
Size: |
8192
|
|
7FFAAC480000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1915816508.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFAAC480000
|
Size: |
94208
|
|
7FFAAC530000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1916205945.00007FFAAC530000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFAAC530000
|
Size: |
20480
|
|
219AD660000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878058743.00000219AD660000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219AD660000
|
Size: |
65536
|
|
328D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520696039.000000000328D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
328D000
|
Size: |
12288
|
|
127C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520481147.000000000127C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
127C000
|
Size: |
16384
|
|
7FFAAC670000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1918281535.00007FFAAC670000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC670000
|
Size: |
65536
|
|
219B0F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878353723.00000219B0F7E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219B0F7E000
|
Size: |
4096
|
|
74201000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000003.00000002.1521055619.0000000074201000.00000020.00000001.01000000.00000008.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
74201000
|
Size: |
86016
|
|
14BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520545453.00000000014BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
14BE000
|
Size: |
8192
|
|
2DA0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520614734.0000000002DA0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DA0000
|
Size: |
4096
|
|
219AF1F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878208519.00000219AF1F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219AF1F0000
|
Size: |
4096
|
|
7FFAAC580000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1916585684.00007FFAAC580000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC580000
|
Size: |
65536
|
|
219C76D5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1914286703.00000219C76D5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
219C76D5000
|
Size: |
245760
|
|
219B0558000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878353723.00000219B0558000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219B0558000
|
Size: |
7012352
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
219AD5CD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877788861.00000219AD5CD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
219AD5CD000
|
Size: |
73728
|
|
219AD6B0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1878080804.00000219AD6B0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
219AD6B0000
|
Size: |
20480
|
|
7FFAAC590000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1916694346.00007FFAAC590000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC590000
|
Size: |
65536
|
|
219AF381000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878353723.00000219AF381000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219AF381000
|
Size: |
540672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
9B22E7D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877532381.0000009B22E7D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9B22E7D000
|
Size: |
12288
|
|
125E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520418828.000000000125E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
125E000
|
Size: |
20480
|
|
7FFB1A731000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000002.1918910769.00007FFB1A731000.00000020.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
7FFB1A731000
|
Size: |
86016
|
|
219B11DA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878353723.00000219B11DA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219B11DA000
|
Size: |
8192
|
|
2EFD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520656084.0000000002EFD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2EFD000
|
Size: |
12288
|
|
11CD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520232488.00000000011CD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11CD000
|
Size: |
57344
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
219AD6B7000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1878080804.00000219AD6B7000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
219AD6B7000
|
Size: |
8192
|
|
9B231BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877550273.0000009B231BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9B231BE000
|
Size: |
8192
|
|
219BF390000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1899446660.00000219BF390000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219BF390000
|
Size: |
69632
|
|
7FFAAC660000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1918175091.00007FFAAC660000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC660000
|
Size: |
65536
|
|
38A8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520923557.00000000038A8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
38A8000
|
Size: |
4096
|
|
219AD55C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877788861.00000219AD55C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
219AD55C000
|
Size: |
28672
|
|
7FFAAC370000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1915388301.00007FFAAC370000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC370000
|
Size: |
40960
|
|
219AD610000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878014444.00000219AD610000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219AD610000
|
Size: |
4096
|
|
15FF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520587241.00000000015FF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
15FF000
|
Size: |
4096
|
|
219B0F80000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878353723.00000219B0F80000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219B0F80000
|
Size: |
1646592
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
10FB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520139441.00000000010FB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
10FB000
|
Size: |
20480
|
|
9B232BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877588741.0000009B232BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9B232BE000
|
Size: |
8192
|
|
7FFAAC5E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1917240122.00007FFAAC5E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC5E0000
|
Size: |
65536
|
|
11B8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520232488.00000000011B8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11B8000
|
Size: |
69632
|
|
219AD330000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877640046.00000219AD330000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
219AD330000
|
Size: |
4096
|
|
7FFAAC640000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1917951282.00007FFAAC640000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC640000
|
Size: |
65536
|
|
219C78C0000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1915035763.00000219C78C0000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
219C78C0000
|
Size: |
77824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
459000
|
remote allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.1520058217.0000000000459000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
459000
|
Size: |
16384
|
|
7FFAAC363000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1915248500.00007FFAAC363000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFAAC363000
|
Size: |
4096
|
|
219AF408000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878353723.00000219AF408000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219AF408000
|
Size: |
1671168
|
|
7FFAAC5F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1917349170.00007FFAAC5F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC5F0000
|
Size: |
65536
|
|
219AFB4E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878353723.00000219AFB4E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219AFB4E000
|
Size: |
36864
|
|
126A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520460406.000000000126A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
126A000
|
Size: |
20480
|
|
219AD587000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877788861.00000219AD587000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
219AD587000
|
Size: |
4096
|
|
7FFAAC5C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1916991124.00007FFAAC5C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC5C0000
|
Size: |
65536
|
|
34FD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520758826.00000000034FD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
34FD000
|
Size: |
12288
|
|
7FFB1A730000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.1918884865.00007FFB1A730000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7FFB1A730000
|
Size: |
4096
|
|
219B1114000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878353723.00000219B1114000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219B1114000
|
Size: |
802816
|
|
7FFAAC600000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1917459627.00007FFAAC600000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC600000
|
Size: |
65536
|
|
7FFAAC570000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1916478310.00007FFAAC570000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC570000
|
Size: |
65536
|
|
36DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520839959.00000000036DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
36DE000
|
Size: |
8192
|
|
219C74BE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1912878089.00000219C74BE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
219C74BE000
|
Size: |
4096
|
|
219C75C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1914181434.00000219C75C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
219C75C0000
|
Size: |
4096
|
|
338D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520718255.000000000338D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
338D000
|
Size: |
12288
|
|
11DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520290770.00000000011DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11DC000
|
Size: |
16384
|
|
219C74C8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1913215813.00000219C74C8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
219C74C8000
|
Size: |
45056
|
|
219AD650000
|
heap
|
page readonly
|
|
|
|
Name: |
00000000.00000002.1878044884.00000219AD650000.00000002.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page readonly
|
Base address: |
219AD650000
|
Size: |
4096
|
|
7FFAAC362000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1915185976.00007FFAAC362000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC362000
|
Size: |
4096
|
|
33FD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520739268.00000000033FD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
33FD000
|
Size: |
12288
|
|
219AF7CD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878353723.00000219AF7CD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219AF7CD000
|
Size: |
8192
|
|
219AFB58000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878353723.00000219AFB58000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219AFB58000
|
Size: |
10485760
|
|
219AD5C8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877788861.00000219AD5C8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
219AD5C8000
|
Size: |
16384
|
|
356E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1520782848.000000000356E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
356E000
|
Size: |
8192
|
|
7FFAAC5D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1917105236.00007FFAAC5D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC5D0000
|
Size: |
65536
|
|
219B0E8E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878353723.00000219B0E8E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219B0E8E000
|
Size: |
974848
|
|
219AF5A7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878353723.00000219AF5A7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219AF5A7000
|
Size: |
2203648
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
219AD470000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1877693591.00000219AD470000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
219AD470000
|
Size: |
4096
|
|
219AD6F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878130571.00000219AD6F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
219AD6F0000
|
Size: |
12288
|
|
7FFAAC37B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1915388301.00007FFAAC37B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC37B000
|
Size: |
8192
|
|
219AFB46000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1878353723.00000219AFB46000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
219AFB46000
|
Size: |
28672
|
|