21F24A32000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F24A32000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F24A32000
|
Size: |
4096
|
|
21F24A16000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F24A16000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F24A16000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
21F22B20000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327946808.0000021F22B20000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F22B20000
|
Size: |
4096
|
|
2906AE0F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186114248.000002906AE0F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE0F000
|
Size: |
94208
|
|
BD00AFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2186907801.000000BD00AFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BD00AFE000
|
Size: |
8192
|
|
2906AE17000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186804599.000002906AE17000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE17000
|
Size: |
61440
|
|
27E4AF68000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AF68000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AF68000
|
Size: |
77824
|
|
21F22911000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327391964.0000021F22911000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F22911000
|
Size: |
8192
|
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2638134470.00007FFD34940000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34940000
|
Size: |
65536
|
|
9CAA343000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2326903548.0000009CAA343000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAA343000
|
Size: |
53248
|
|
308F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2749110363.000000000308F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
308F000
|
Size: |
4096
|
|
29EAA0D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188178192.0000029EAA0D0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA0D0000
|
Size: |
4096
|
|
2906C7F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187589348.000002906C7F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906C7F0000
|
Size: |
4096
|
|
BD014FB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187104028.000000BD014FB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BD014FB000
|
Size: |
20480
|
|
9F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2747315674.00000000009F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9F1000
|
Size: |
12288
|
|
A0F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2747315674.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A0F000
|
Size: |
57344
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
21F25474000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F25474000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F25474000
|
Size: |
10485760
|
|
27E4AF01000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AF01000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AF01000
|
Size: |
53248
|
|
29EAA224000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188248595.0000029EAA224000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA224000
|
Size: |
12288
|
|
29EAA244000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188352416.0000029EAA244000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA244000
|
Size: |
8192
|
|
21F24330000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328043097.0000021F24330000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
21F24330000
|
Size: |
73728
|
|
29EAA200000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188248595.0000029EAA200000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA200000
|
Size: |
24576
|
|
29EAA1B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188201267.0000029EAA1B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA1B0000
|
Size: |
8192
|
|
2906ABD0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187124258.000002906ABD0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ABD0000
|
Size: |
4096
|
|
21F228F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327391964.0000021F228F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F228F5000
|
Size: |
12288
|
|
29EABEC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188642206.0000029EABEC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EABEC0000
|
Size: |
8192
|
|
7FFD34890000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2634943329.00007FFD34890000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34890000
|
Size: |
65536
|
|
27E49090000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597328881.0000027E49090000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E49090000
|
Size: |
4096
|
|
2906AE0D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186729624.000002906AE0D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE0D000
|
Size: |
4096
|
|
27E4AB99000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AB99000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AB99000
|
Size: |
184320
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
29EAA257000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177931255.0000029EAA257000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA257000
|
Size: |
4096
|
|
A00000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2747315674.0000000000A00000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A00000
|
Size: |
8192
|
|
C185DFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2596748794.000000C185DFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C185DFE000
|
Size: |
8192
|
|
27E63160000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2632393158.0000027E63160000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E63160000
|
Size: |
8192
|
|
2906AE5D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187561937.000002906AE5D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE5D000
|
Size: |
73728
|
|
21F22B00000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327926566.0000021F22B00000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F22B00000
|
Size: |
16384
|
|
2906AE29000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186804599.000002906AE29000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE29000
|
Size: |
45056
|
|
27E4915C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597378235.0000027E4915C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E4915C000
|
Size: |
16384
|
|
9CAA7FF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327011315.0000009CAA7FF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAA7FF000
|
Size: |
4096
|
|
7FFD34820000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2633977901.00007FFD34820000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34820000
|
Size: |
65536
|
|
29EAA260000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2178139579.0000029EAA260000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA260000
|
Size: |
8192
|
|
9CAA9BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327082773.0000009CAA9BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAA9BE000
|
Size: |
8192
|
|
21F29074000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F29074000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F29074000
|
Size: |
10485760
|
|
29EAA260000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177931255.0000029EAA260000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA260000
|
Size: |
8192
|
|
27E63120000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2632221578.0000027E63120000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
27E63120000
|
Size: |
20480
|
|
2906CB41000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2183009303.000002906CB41000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906CB41000
|
Size: |
8192
|
|
21F2A474000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F2A474000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F2A474000
|
Size: |
10485760
|
|
7FFD348D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2635959398.00007FFD348D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD348D0000
|
Size: |
65536
|
|
29EAA24F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177805358.0000029EAA24F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA24F000
|
Size: |
20480
|
|
2906AE0E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2185193402.000002906AE0E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE0E000
|
Size: |
98304
|
|
21F2293D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327391964.0000021F2293D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F2293D000
|
Size: |
466944
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
7FFD348F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2636430479.00007FFD348F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD348F0000
|
Size: |
65536
|
|
27E62FD6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2628748083.0000027E62FD6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E62FD6000
|
Size: |
176128
|
|
21F228F9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327391964.0000021F228F9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F228F9000
|
Size: |
4096
|
|
2906CB56000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2183654677.000002906CB56000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906CB56000
|
Size: |
65536
|
|
96B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2742546290.000000000096B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
96B000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
21F228D7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327391964.0000021F228D7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F228D7000
|
Size: |
90112
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
27E4B098000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4B098000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4B098000
|
Size: |
24576
|
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2637873103.00007FFD34930000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34930000
|
Size: |
65536
|
|
2906CB41000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2183654677.000002906CB41000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906CB41000
|
Size: |
8192
|
|
29EAA1D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188225482.0000029EAA1D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA1D0000
|
Size: |
4096
|
|
2906AE34000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2185082930.000002906AE34000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE34000
|
Size: |
73728
|
|
27E4AF10000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AF10000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AF10000
|
Size: |
94208
|
|
27E49122000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597378235.0000027E49122000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E49122000
|
Size: |
12288
|
|
DE5B4FF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188152812.000000DE5B4FF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
DE5B4FF000
|
Size: |
4096
|
|
29EAA207000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188248595.0000029EAA207000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA207000
|
Size: |
90112
|
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2633313657.00007FFD34730000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34730000
|
Size: |
4096
|
|
2906AE47000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187505665.000002906AE47000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE47000
|
Size: |
61440
|
|
9CAACBF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327194934.0000009CAACBF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAACBF000
|
Size: |
4096
|
|
27E491B6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2599807262.0000027E491B6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E491B6000
|
Size: |
45056
|
|
2906CB56000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187615603.000002906CB56000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906CB56000
|
Size: |
65536
|
|
DAE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748332911.0000000000DAE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
DAE000
|
Size: |
8192
|
|
21F228BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327391964.0000021F228BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F228BA000
|
Size: |
114688
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
27E62F80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2628661396.0000027E62F80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E62F80000
|
Size: |
16384
|
|
2906CB40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187615603.000002906CB40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906CB40000
|
Size: |
8192
|
|
27E4B096000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4B096000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4B096000
|
Size: |
4096
|
|
27E4AC4D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AC4D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AC4D000
|
Size: |
8192
|
|
27E491CC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2600139241.0000027E491CC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E491CC000
|
Size: |
12288
|
|
2906AE02000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186635887.000002906AE02000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE02000
|
Size: |
20480
|
|
BD010FD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187009307.000000BD010FD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BD010FD000
|
Size: |
12288
|
|
2906AE29000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186635887.000002906AE29000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE29000
|
Size: |
45056
|
|
29EAA260000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177513696.0000029EAA260000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA260000
|
Size: |
114688
|
|
7FF6F4E7E000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2176644148.00007FF6F4E7E000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
7FF6F4E7E000
|
Size: |
122880
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
27E4B1F5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4B1F5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4B1F5000
|
Size: |
49152
|
|
7FFD34960000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2638688315.00007FFD34960000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34960000
|
Size: |
65536
|
|
21F24687000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F24687000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F24687000
|
Size: |
1679360
|
|
AC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748105479.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
AC0000
|
Size: |
16384
|
|
27E4A9F0000
|
heap
|
page readonly
|
|
|
|
Name: |
00000005.00000002.2600590666.0000027E4A9F0000.00000002.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page readonly
|
Base address: |
27E4A9F0000
|
Size: |
4096
|
|
21F2C274000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F2C274000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F2C274000
|
Size: |
4026368
|
|
27E4AA10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2600877218.0000027E4AA10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E4AA10000
|
Size: |
12288
|
|
27E4AC67000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AC67000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AC67000
|
Size: |
8192
|
|
2DEE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748942698.0000000002DEE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2DEE000
|
Size: |
8192
|
|
3190000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2749629459.0000000003190000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3190000
|
Size: |
4096
|
|
21F249E9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F249E9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F249E9000
|
Size: |
28672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
27E49113000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597378235.0000027E49113000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E49113000
|
Size: |
16384
|
|
7FFD34850000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2634534536.00007FFD34850000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD34850000
|
Size: |
16384
|
|
2906CB4F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2182734529.000002906CB4F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906CB4F000
|
Size: |
8192
|
|
29EACBCF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177721383.0000029EACBCF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EACBCF000
|
Size: |
4096
|
|
2906AD80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187229815.000002906AD80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AD80000
|
Size: |
167936
|
|
2906ADAA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187253428.000002906ADAA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADAA000
|
Size: |
81920
|
|
29EAA227000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2178279411.0000029EAA227000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA227000
|
Size: |
126976
|
|
21F228EE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327391964.0000021F228EE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F228EE000
|
Size: |
4096
|
|
BD00DFF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2186954781.000000BD00DFF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BD00DFF000
|
Size: |
4096
|
|
21F24465000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328119640.0000021F24465000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F24465000
|
Size: |
16384
|
|
C185F7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2596889792.000000C185F7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C185F7E000
|
Size: |
8192
|
|
7FFD3483A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2634238824.00007FFD3483A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD3483A000
|
Size: |
24576
|
|
2906AE29000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187421548.000002906AE29000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE29000
|
Size: |
45056
|
|
27E490E4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597378235.0000027E490E4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E490E4000
|
Size: |
53248
|
|
27E62FA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2628748083.0000027E62FA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E62FA5000
|
Size: |
143360
|
|
2906AE0F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187385396.000002906AE0F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE0F000
|
Size: |
32768
|
|
C185E7F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2596804298.000000C185E7F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C185E7F000
|
Size: |
4096
|
|
7FF6F4E7C000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188880104.00007FF6F4E7C000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7FF6F4E7C000
|
Size: |
8192
|
|
7FFD34880000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2634684408.00007FFD34880000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34880000
|
Size: |
65536
|
|
9EF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2747315674.00000000009EF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9EF000
|
Size: |
4096
|
|
A60000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748001808.0000000000A60000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A60000
|
Size: |
4096
|
|
29EAA260000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188421833.0000029EAA260000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA260000
|
Size: |
8192
|
|
2906CB56000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2183009303.000002906CB56000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906CB56000
|
Size: |
57344
|
|
2906ADFD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187315841.000002906ADFD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADFD000
|
Size: |
8192
|
|
27E493A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2600242860.0000027E493A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E493A0000
|
Size: |
16384
|
|
DE5B47E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188130071.000000DE5B47E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
DE5B47E000
|
Size: |
8192
|
|
27E4AA00000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2600624399.0000027E4AA00000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AA00000
|
Size: |
65536
|
|
93E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2741547125.000000000093E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
93E000
|
Size: |
8192
|
|
459000
|
remote allocation
|
page execute and read and write
|
|
|
|
Name: |
00000008.00000002.2739607669.0000000000459000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
459000
|
Size: |
16384
|
|
2906AE29000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186114248.000002906AE29000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE29000
|
Size: |
45056
|
|
27E490D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597378235.0000027E490D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E490D0000
|
Size: |
45056
|
|
27E63127000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2632221578.0000027E63127000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
27E63127000
|
Size: |
4096
|
|
21F2B874000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F2B874000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F2B874000
|
Size: |
10485760
|
|
2906ADEF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187315841.000002906ADEF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADEF000
|
Size: |
12288
|
|
27E49118000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597378235.0000027E49118000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E49118000
|
Size: |
4096
|
|
27E4AA90000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601052000.0000027E4AA90000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E4AA90000
|
Size: |
4096
|
|
2906AE01000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187350104.000002906AE01000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE01000
|
Size: |
4096
|
|
2F40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2749029966.0000000002F40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2F40000
|
Size: |
4096
|
|
27E49161000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597378235.0000027E49161000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E49161000
|
Size: |
344064
|
|
2906AD6C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2182872547.000002906AD6C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AD6C000
|
Size: |
12288
|
|
27E6300B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2628748083.0000027E6300B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E6300B000
|
Size: |
106496
|
|
2906AE6F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2184839429.000002906AE6F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE6F000
|
Size: |
16384
|
|
2906CB56000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2182908468.000002906CB56000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906CB56000
|
Size: |
57344
|
|
27E4AC50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AC50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AC50000
|
Size: |
8192
|
|
21F22B84000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328009771.0000021F22B84000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F22B84000
|
Size: |
45056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
27E5AB9C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2626926050.0000027E5AB9C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E5AB9C000
|
Size: |
36864
|
|
2906ACD0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187157922.000002906ACD0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ACD0000
|
Size: |
4096
|
|
2906CB4B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2182908468.000002906CB4B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906CB4B000
|
Size: |
16384
|
|
27E5AB31000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2626926050.0000027E5AB31000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E5AB31000
|
Size: |
53248
|
|
29EAA257000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177805358.0000029EAA257000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA257000
|
Size: |
32768
|
|
27E4B061000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4B061000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4B061000
|
Size: |
167936
|
|
2906AE0F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186729624.000002906AE0F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE0F000
|
Size: |
94208
|
|
29EAA244000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2187902303.0000029EAA244000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA244000
|
Size: |
8192
|
|
21F22B40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327977807.0000021F22B40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F22B40000
|
Size: |
65536
|
|
2906CB43000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2182800528.000002906CB43000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906CB43000
|
Size: |
49152
|
|
7FFD34740000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2633509577.00007FFD34740000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD34740000
|
Size: |
24576
|
|
27E6305D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2631168858.0000027E6305D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E6305D000
|
Size: |
65536
|
|
21F25E74000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F25E74000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F25E74000
|
Size: |
10485760
|
|
7FFD34736000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2633350449.00007FFD34736000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34736000
|
Size: |
24576
|
|
2906ADBE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186275266.000002906ADBE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADBE000
|
Size: |
77824
|
|
21F243F0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.2328081858.0000021F243F0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
21F243F0000
|
Size: |
4096
|
|
7DF489C00000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2632791817.00007DF489C00000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7DF489C00000
|
Size: |
4096
|
|
7FFD348C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2635708684.00007FFD348C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD348C0000
|
Size: |
65536
|
|
27E4A9E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2600552574.0000027E4A9E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4A9E0000
|
Size: |
4096
|
|
7FF6F4E79000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2176608229.00007FF6F4E79000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7FF6F4E79000
|
Size: |
12288
|
|
7FFD34970000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2638974456.00007FFD34970000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34970000
|
Size: |
65536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
7FFD34840000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2634498903.00007FFD34840000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD34840000
|
Size: |
4096
|
|
29CD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748523912.00000000029CD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
29CD000
|
Size: |
12288
|
|
27E491C2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2599984361.0000027E491C2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E491C2000
|
Size: |
36864
|
|
27E4AC61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AC61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AC61000
|
Size: |
8192
|
|
2906ADA9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186179106.000002906ADA9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADA9000
|
Size: |
196608
|
|
2906AE29000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2184881258.000002906AE29000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE29000
|
Size: |
118784
|
|
29EAA263000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188504133.0000029EAA263000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA263000
|
Size: |
12288
|
|
9CAB88C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327299677.0000009CAB88C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAB88C000
|
Size: |
16384
|
|
2906ADC5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186603750.000002906ADC5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADC5000
|
Size: |
49152
|
|
27E49134000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597378235.0000027E49134000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E49134000
|
Size: |
20480
|
|
29EAA25A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177931255.0000029EAA25A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA25A000
|
Size: |
20480
|
|
7FF6F4E7C000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.2176626318.00007FF6F4E7C000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
7FF6F4E7C000
|
Size: |
4096
|
|
940000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2741597979.0000000000940000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
940000
|
Size: |
28672
|
|
9CAB80D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327268479.0000009CAB80D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAB80D000
|
Size: |
12288
|
|
27E49070000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597263288.0000027E49070000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E49070000
|
Size: |
12288
|
|
21F22A80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327887739.0000021F22A80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F22A80000
|
Size: |
8192
|
|
2906AE56000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2184814023.000002906AE56000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE56000
|
Size: |
118784
|
|
9CAA87E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327030258.0000009CAA87E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAA87E000
|
Size: |
8192
|
|
21F24A07000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F24A07000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F24A07000
|
Size: |
12288
|
|
27E63003000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2628748083.0000027E63003000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E63003000
|
Size: |
4096
|
|
29EAA246000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177805358.0000029EAA246000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA246000
|
Size: |
8192
|
|
27E4AEFD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AEFD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AEFD000
|
Size: |
12288
|
|
9ED000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2747315674.00000000009ED000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9ED000
|
Size: |
4096
|
|
7FF6F4E79000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2188838046.00007FF6F4E79000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7FF6F4E79000
|
Size: |
12288
|
|
21F24A12000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F24A12000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F24A12000
|
Size: |
12288
|
|
7FFD34910000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2636948084.00007FFD34910000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34910000
|
Size: |
65536
|
|
2906AD60000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187177803.000002906AD60000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AD60000
|
Size: |
16384
|
|
27E4AB31000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AB31000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AB31000
|
Size: |
20480
|
|
2906AE29000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186729624.000002906AE29000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE29000
|
Size: |
45056
|
|
29EAA258000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177877609.0000029EAA258000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA258000
|
Size: |
28672
|
|
27E4AB20000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2601093796.0000027E4AB20000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
27E4AB20000
|
Size: |
4096
|
|
2906ADE6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2185625983.000002906ADE6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADE6000
|
Size: |
32768
|
|
2906ADEB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187298263.000002906ADEB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADEB000
|
Size: |
12288
|
|
5A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2741297124.00000000005A0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5A0000
|
Size: |
4096
|
|
29EAA25A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188421833.0000029EAA25A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA25A000
|
Size: |
20480
|
|
29EAC8C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188704625.0000029EAC8C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAC8C0000
|
Size: |
8192
|
|
C185CFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2596630295.000000C185CFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C185CFE000
|
Size: |
8192
|
|
9E3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2747315674.00000000009E3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9E3000
|
Size: |
8192
|
|
29EAA22C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188352416.0000029EAA22C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA22C000
|
Size: |
94208
|
|
7FFD34683000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2632871225.00007FFD34683000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD34683000
|
Size: |
4096
|
|
9CAA6FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2326971752.0000009CAA6FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAA6FE000
|
Size: |
8192
|
|
31DE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2749665230.00000000031DE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
31DE000
|
Size: |
4096
|
|
21F24475000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328187781.0000021F24475000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F24475000
|
Size: |
507904
|
|
27E63073000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2631933160.0000027E63073000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E63073000
|
Size: |
49152
|
|
2906ADF2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2184881258.000002906ADF2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADF2000
|
Size: |
212992
|
|
C185C7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2596554536.000000C185C7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C185C7E000
|
Size: |
8192
|
|
29EAA224000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2187963513.0000029EAA224000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA224000
|
Size: |
12288
|
|
27E4B050000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4B050000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4B050000
|
Size: |
40960
|
|
3390000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2749699913.0000000003390000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3390000
|
Size: |
217088
|
|
29EAA25A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2187854733.0000029EAA25A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA25A000
|
Size: |
20480
|
|
27E4AF7D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AF7D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AF7D000
|
Size: |
798720
|
|
21F26874000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F26874000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F26874000
|
Size: |
10485760
|
|
2906ADC5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187253428.000002906ADC5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADC5000
|
Size: |
49152
|
|
27E4AC9F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AC9F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AC9F000
|
Size: |
532480
|
|
9CAAA37000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327106268.0000009CAAA37000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAAA37000
|
Size: |
36864
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
Name: |
00000008.00000002.2739607669.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
400000
|
Size: |
327680
|
|
27E4B1EA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4B1EA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4B1EA000
|
Size: |
36864
|
|
A0B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2747315674.0000000000A0B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A0B000
|
Size: |
12288
|
|
7FFD348B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2635469457.00007FFD348B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD348B0000
|
Size: |
65536
|
|
29EAA260000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177805358.0000029EAA260000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA260000
|
Size: |
8192
|
|
2906AE47000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2184881258.000002906AE47000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE47000
|
Size: |
61440
|
|
9CAA8FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327049941.0000009CAA8FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAA8FE000
|
Size: |
8192
|
|
2906ACB0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187140890.000002906ACB0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ACB0000
|
Size: |
8192
|
|
BD007EA000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2186882648.000000BD007EA000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BD007EA000
|
Size: |
24576
|
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2639242989.00007FFD34980000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34980000
|
Size: |
24576
|
|
9CAABBE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327163036.0000009CAABBE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAABBE000
|
Size: |
8192
|
|
27E4AB7B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AB7B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AB7B000
|
Size: |
94208
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
9CAA3CD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2326922948.0000009CAA3CD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAA3CD000
|
Size: |
12288
|
|
2906CB56000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2182969860.000002906CB56000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906CB56000
|
Size: |
57344
|
|
27E490DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597378235.0000027E490DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E490DC000
|
Size: |
28672
|
|
2906AE09000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187366661.000002906AE09000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE09000
|
Size: |
16384
|
|
9F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2747315674.00000000009F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9F5000
|
Size: |
20480
|
|
29EAA260000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177877609.0000029EAA260000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA260000
|
Size: |
8192
|
|
2906ADEE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2185419449.000002906ADEE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADEE000
|
Size: |
16384
|
|
ABD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748039868.0000000000ABD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
ABD000
|
Size: |
12288
|
|
9CAB78E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327248320.0000009CAB78E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAB78E000
|
Size: |
8192
|
|
9CAAC3E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327180866.0000009CAAC3E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAAC3E000
|
Size: |
8192
|
|
7FFD34870000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2634653652.00007FFD34870000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD34870000
|
Size: |
4096
|
|
27E62F85000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2628748083.0000027E62F85000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E62F85000
|
Size: |
126976
|
|
9CAA979000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327067267.0000009CAA979000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAA979000
|
Size: |
28672
|
|
27E4AA15000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2600877218.0000027E4AA15000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E4AA15000
|
Size: |
4096
|
|
29EAA220000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188248595.0000029EAA220000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA220000
|
Size: |
12288
|
|
21F228B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327391964.0000021F228B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F228B0000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
21F2446A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328119640.0000021F2446A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F2446A000
|
Size: |
4096
|
|
21F228F3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327391964.0000021F228F3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F228F3000
|
Size: |
4096
|
|
21F27C74000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F27C74000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F27C74000
|
Size: |
10485760
|
|
997000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2742546290.0000000000997000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
997000
|
Size: |
303104
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
27E4AA17000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2600877218.0000027E4AA17000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E4AA17000
|
Size: |
12288
|
|
2F8E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2749067031.0000000002F8E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F8E000
|
Size: |
8192
|
|
27E4ABCD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4ABCD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4ABCD000
|
Size: |
520192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2EEF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748995919.0000000002EEF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2EEF000
|
Size: |
4096
|
|
C18623E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597025033.000000C18623E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C18623E000
|
Size: |
8192
|
|
2906ADD1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186220211.000002906ADD1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADD1000
|
Size: |
32768
|
|
2906ADD9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2185625983.000002906ADD9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADD9000
|
Size: |
28672
|
|
948000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2741597979.0000000000948000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
948000
|
Size: |
61440
|
|
30A6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2749195384.00000000030A6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
30A6000
|
Size: |
4096
|
|
2906AD65000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187177803.000002906AD65000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AD65000
|
Size: |
40960
|
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2639599184.00007FFD349A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD349A0000
|
Size: |
4096
|
|
7FFD34682000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2632831873.00007FFD34682000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34682000
|
Size: |
4096
|
|
9CAAAB9000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327123883.0000009CAAAB9000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAAAB9000
|
Size: |
28672
|
|
2D8D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748879559.0000000002D8D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D8D000
|
Size: |
12288
|
|
C18633E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597079363.000000C18633E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C18633E000
|
Size: |
8192
|
|
21F24601000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F24601000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F24601000
|
Size: |
536576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2906ADE9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186494177.000002906ADE9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADE9000
|
Size: |
20480
|
|
7FFD348A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2635205523.00007FFD348A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD348A0000
|
Size: |
65536
|
|
27E5AB40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2626926050.0000027E5AB40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E5AB40000
|
Size: |
356352
|
|
2ACD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748603762.0000000002ACD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2ACD000
|
Size: |
12288
|
|
3128000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2749588961.0000000003128000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3128000
|
Size: |
4096
|
|
27E63140000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2632359126.0000027E63140000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E63140000
|
Size: |
4096
|
|
2C8E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748830512.0000000002C8E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2C8E000
|
Size: |
8192
|
|
21F22B80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328009771.0000021F22B80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F22B80000
|
Size: |
12288
|
|
AD6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748179072.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
AD6000
|
Size: |
8192
|
|
7FFD34690000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2633145692.00007FFD34690000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34690000
|
Size: |
40960
|
|
21F22938000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327391964.0000021F22938000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F22938000
|
Size: |
4096
|
|
2906AE0F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186635887.000002906AE0F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE0F000
|
Size: |
94208
|
|
21F24828000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F24828000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F24828000
|
Size: |
1835008
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
27E63240000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2632442584.0000027E63240000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
27E63240000
|
Size: |
4096
|
|
9CAADBB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327228025.0000009CAADBB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAADBB000
|
Size: |
20480
|
|
27E4B0A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4B0A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4B0A0000
|
Size: |
229376
|
|
29EAA25A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2178139579.0000029EAA25A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA25A000
|
Size: |
20480
|
|
2906AE18000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187421548.000002906AE18000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE18000
|
Size: |
57344
|
|
2C3E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748731261.0000000002C3E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2C3E000
|
Size: |
8192
|
|
2906AD68000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2182836526.000002906AD68000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AD68000
|
Size: |
28672
|
|
7FFD3473C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2633460975.00007FFD3473C000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD3473C000
|
Size: |
8192
|
|
BD012FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187052913.000000BD012FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BD012FE000
|
Size: |
8192
|
|
8FB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2741440718.00000000008FB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
8FB000
|
Size: |
20480
|
|
21F249FE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F249FE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F249FE000
|
Size: |
28672
|
|
298D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748378803.000000000298D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
298D000
|
Size: |
12288
|
|
21F29A74000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F29A74000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F29A74000
|
Size: |
10485760
|
|
27E48F90000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597224346.0000027E48F90000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E48F90000
|
Size: |
4096
|
|
BD011FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187031581.000000BD011FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BD011FE000
|
Size: |
8192
|
|
27E4AF29000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AF29000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AF29000
|
Size: |
77824
|
|
21F24440000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.2328100835.0000021F24440000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
21F24440000
|
Size: |
4096
|
|
309A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2749147956.000000000309A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
309A000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
21F2AE74000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F2AE74000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F2AE74000
|
Size: |
10485760
|
|
21F228F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327391964.0000021F228F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F228F1000
|
Size: |
4096
|
|
7FFD3468D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2633083166.00007FFD3468D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD3468D000
|
Size: |
12288
|
|
C185973000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2594709491.000000C185973000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C185973000
|
Size: |
53248
|
|
29EAC9CF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177721383.0000029EAC9CF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAC9CF000
|
Size: |
16384
|
|
95C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2741996768.000000000095C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95C000
|
Size: |
57344
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
DE5B1FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188106362.000000DE5B1FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
DE5B1FE000
|
Size: |
8192
|
|
CAF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748292994.0000000000CAF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CAF000
|
Size: |
4096
|
|
30A2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2749195384.00000000030A2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
30A2000
|
Size: |
12288
|
|
27E4B045000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4B045000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4B045000
|
Size: |
40960
|
|
27E4AC64000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AC64000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AC64000
|
Size: |
8192
|
|
29EAA262000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2188015739.0000029EAA262000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA262000
|
Size: |
16384
|
|
21F27274000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F27274000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F27274000
|
Size: |
10485760
|
|
27E4B0DF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4B0DF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4B0DF000
|
Size: |
1089536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
21F228FF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327391964.0000021F228FF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F228FF000
|
Size: |
12288
|
|
7FFD34684000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2632904709.00007FFD34684000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34684000
|
Size: |
36864
|
|
29EABE30000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188615299.0000029EABE30000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EABE30000
|
Size: |
4096
|
|
21F24350000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328064850.0000021F24350000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F24350000
|
Size: |
8192
|
|
7FFD34766000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2633613707.00007FFD34766000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD34766000
|
Size: |
49152
|
|
9CAA77A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2326994349.0000009CAA77A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAA77A000
|
Size: |
24576
|
|
7FFD34862000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2634619196.00007FFD34862000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34862000
|
Size: |
4096
|
|
21F2293A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327391964.0000021F2293A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F2293A000
|
Size: |
8192
|
|
27E4AF53000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AF53000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AF53000
|
Size: |
81920
|
|
BD00BFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2186930592.000000BD00BFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BD00BFE000
|
Size: |
8192
|
|
2906AE09000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186635887.000002906AE09000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE09000
|
Size: |
20480
|
|
DE5B17E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188084383.000000DE5B17E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
DE5B17E000
|
Size: |
8192
|
|
2906AE47000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2185082930.000002906AE47000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE47000
|
Size: |
61440
|
|
7FFD34831000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2634238824.00007FFD34831000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34831000
|
Size: |
32768
|
|
21F22890000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327365636.0000021F22890000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F22890000
|
Size: |
20480
|
|
27E4A9C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2600483644.0000027E4A9C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4A9C0000
|
Size: |
12288
|
|
9CAB90E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327324327.0000009CAB90E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAB90E000
|
Size: |
8192
|
|
29EAA4AB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188540093.0000029EAA4AB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA4AB000
|
Size: |
16384
|
|
21F24A1A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F24A1A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F24A1A000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
C18603F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2596979176.000000C18603F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C18603F000
|
Size: |
4096
|
|
2906AE36000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187505665.000002906AE36000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE36000
|
Size: |
65536
|
|
21F22914000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327391964.0000021F22914000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F22914000
|
Size: |
4096
|
|
21F24A74000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F24A74000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F24A74000
|
Size: |
10485760
|
|
972000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2742546290.0000000000972000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
972000
|
Size: |
90112
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
27E62FCF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2628748083.0000027E62FCF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E62FCF000
|
Size: |
24576
|
|
27E4B08B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4B08B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4B08B000
|
Size: |
40960
|
|
29EAA4A5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188540093.0000029EAA4A5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA4A5000
|
Size: |
16384
|
|
29EAA24F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177931255.0000029EAA24F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA24F000
|
Size: |
20480
|
|
27E493A5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2600242860.0000027E493A5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E493A5000
|
Size: |
40960
|
|
21F22AC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327908173.0000021F22AC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F22AC0000
|
Size: |
4096
|
|
29EAA263000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177877609.0000029EAA263000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA263000
|
Size: |
12288
|
|
C1863BC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597138033.000000C1863BC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C1863BC000
|
Size: |
16384
|
|
29EABEC3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188642206.0000029EABEC3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EABEC3000
|
Size: |
16384
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2741391056.00000000005F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F0000
|
Size: |
8192
|
|
29EAA263000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177919120.0000029EAA263000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA263000
|
Size: |
12288
|
|
27E4AD22000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AD22000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AD22000
|
Size: |
1937408
|
|
7FFD34950000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2638406861.00007FFD34950000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34950000
|
Size: |
65536
|
|
27E4AC6A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AC6A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AC6A000
|
Size: |
204800
|
|
27E634B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2632755091.0000027E634B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E634B0000
|
Size: |
4096
|
|
2B3E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748676847.0000000002B3E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2B3E000
|
Size: |
8192
|
|
29EAA4A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188540093.0000029EAA4A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA4A0000
|
Size: |
16384
|
|
27E6306E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2631933160.0000027E6306E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E6306E000
|
Size: |
16384
|
|
2906CB46000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2182969860.000002906CB46000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906CB46000
|
Size: |
20480
|
|
989000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2742546290.0000000000989000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
989000
|
Size: |
53248
|
|
7FF6F4E70000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2176569111.00007FF6F4E70000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7FF6F4E70000
|
Size: |
4096
|
|
27E4AB38000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AB38000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AB38000
|
Size: |
81920
|
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2637459756.00007FFD34920000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34920000
|
Size: |
65536
|
|
21F245F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328266454.0000021F245F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F245F0000
|
Size: |
32768
|
|
2906ADE9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186220211.000002906ADE9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADE9000
|
Size: |
20480
|
|
53B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2741183317.000000000053B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
53B000
|
Size: |
20480
|
|
29EAC0C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188684516.0000029EAC0C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
29EAC0C0000
|
Size: |
4096
|
|
9CAA67E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2326950178.0000009CAA67E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAA67E000
|
Size: |
8192
|
|
29EAA22C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2187902303.0000029EAA22C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA22C000
|
Size: |
94208
|
|
27E4AF3D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AF3D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AF3D000
|
Size: |
86016
|
|
2906AE07000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2186316216.000002906AE07000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE07000
|
Size: |
28672
|
|
C1859FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2596185314.000000C1859FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C1859FE000
|
Size: |
8192
|
|
27E63270000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2632474212.0000027E63270000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E63270000
|
Size: |
81920
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
BD00EFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2186980310.000000BD00EFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BD00EFE000
|
Size: |
8192
|
|
2906CB56000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2182734529.000002906CB56000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906CB56000
|
Size: |
57344
|
|
21F22880000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327347520.0000021F22880000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F22880000
|
Size: |
4096
|
|
21F28674000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F28674000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F28674000
|
Size: |
10485760
|
|
7FFD347A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2633905457.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD347A0000
|
Size: |
16384
|
|
C185D7D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2596687374.000000C185D7D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C185D7D000
|
Size: |
12288
|
|
2906CB52000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2182734529.000002906CB52000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906CB52000
|
Size: |
8192
|
|
2906ADFF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2185383384.000002906ADFF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADFF000
|
Size: |
61440
|
|
27E4AC54000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AC54000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AC54000
|
Size: |
49152
|
|
C185FBF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2596938209.000000C185FBF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C185FBF000
|
Size: |
4096
|
|
2906AE29000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2185193402.000002906AE29000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906AE29000
|
Size: |
45056
|
|
7FFD348E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2636194179.00007FFD348E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD348E0000
|
Size: |
65536
|
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2639342231.00007FFD34990000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34990000
|
Size: |
61440
|
|
DE5B0FB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2188061640.000000DE5B0FB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
DE5B0FB000
|
Size: |
20480
|
|
27E49360000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2600201947.0000027E49360000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E49360000
|
Size: |
4096
|
|
29EAA220000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2187963513.0000029EAA220000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA220000
|
Size: |
12288
|
|
5EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2741337903.00000000005EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5EE000
|
Size: |
8192
|
|
30A9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2749294430.00000000030A9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
30A9000
|
Size: |
69632
|
|
29EAA260000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2187854733.0000029EAA260000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA260000
|
Size: |
24576
|
|
27E63040000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2631168858.0000027E63040000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E63040000
|
Size: |
114688
|
|
AD0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2748179072.0000000000AD0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
AD0000
|
Size: |
16384
|
|
7FF6F4E70000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2188746679.00007FF6F4E70000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7FF6F4E70000
|
Size: |
4096
|
|
27E490F2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2597378235.0000027E490F2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27E490F2000
|
Size: |
126976
|
|
29EAA243000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2178322444.0000029EAA243000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA243000
|
Size: |
12288
|
|
7FFD34900000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2636688661.00007FFD34900000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD34900000
|
Size: |
65536
|
|
7FF6F4E71000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000000.2176586369.00007FF6F4E71000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
7FF6F4E71000
|
Size: |
32768
|
|
21F24460000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328119640.0000021F24460000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21F24460000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
29EAA263000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177805358.0000029EAA263000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29EAA263000
|
Size: |
12288
|
|
27E4AB4D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2601131673.0000027E4AB4D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
27E4AB4D000
|
Size: |
184320
|
|
21F24A70000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2328296399.0000021F24A70000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
21F24A70000
|
Size: |
4096
|
|
C185EFF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2596846290.000000C185EFF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C185EFF000
|
Size: |
4096
|
|
21F22B30000
|
heap
|
page readonly
|
|
|
|
Name: |
00000007.00000002.2327961944.0000021F22B30000.00000002.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page readonly
|
Base address: |
21F22B30000
|
Size: |
4096
|
|
9CAAB38000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327144260.0000009CAAB38000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAAB38000
|
Size: |
32768
|
|
9CAAD3F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2327212660.0000009CAAD3F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9CAAD3F000
|
Size: |
4096
|
|
9FD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.2747315674.00000000009FD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9FD000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
7FF6F4E7E000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2188903095.00007FF6F4E7E000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7FF6F4E7E000
|
Size: |
122880
|
|
BD013FF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2187084255.000000BD013FF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BD013FF000
|
Size: |
4096
|
|
2906ADF6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2185291884.000002906ADF6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2906ADF6000
|
Size: |
98304
|
|
7FF6F4E71000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000002.2188801846.00007FF6F4E71000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
7FF6F4E71000
|
Size: |
32768
|
|