18D00ED7000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000000.00000002.1897942257.0000018D00ED7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D00ED7000
|
Size: |
4079616
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found malware configuration |
AV Detection |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Sample uses string decryption to hide its real strings |
AV Detection |
|
Yara signature match |
System Summary |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
402000
|
remote allocation
|
page execute and read and write
|
malicious |
|
|
Name: |
00000003.00000002.3475845063.0000000000402000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
402000
|
Size: |
53248
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara signature match |
System Summary |
|
|
18D00469000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000000.00000002.1897942257.0000018D00469000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D00469000
|
Size: |
86016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara signature match |
System Summary |
|
|
18D00227000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000000.00000002.1897942257.0000018D00227000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D00227000
|
Size: |
2256896
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara signature match |
System Summary |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
32E1000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000003.00000002.3479074743.00000000032E1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
32E1000
|
Size: |
3579904
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
URLs found in memory or binary data |
Networking |
|
|
11F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476452111.00000000011F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11F5000
|
Size: |
204800
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
5CAA7FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897087865.0000005CAA7FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CAA7FE000
|
Size: |
8192
|
|
18D6DAF0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1919947247.0000018D6DAF0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6DAF0000
|
Size: |
4096
|
|
5CAAA7F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897126114.0000005CAAA7F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CAAA7F000
|
Size: |
4096
|
|
364C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3479074743.000000000364C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
364C000
|
Size: |
36864
|
|
14C3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3477992638.00000000014C3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
14C3000
|
Size: |
40960
|
|
18D6FB00000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1922524506.0000018D6FB00000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6FB00000
|
Size: |
4096
|
|
63AD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485929388.00000000063AD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
63AD000
|
Size: |
12288
|
|
18D6FD58000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1923592417.0000018D6FD58000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6FD58000
|
Size: |
8192
|
|
18D6DB7F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1919975290.0000018D6DB7F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6DB7F000
|
Size: |
24576
|
|
7FFD9B7D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1926095860.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B7D0000
|
Size: |
16384
|
|
124D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476452111.000000000124D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
124D000
|
Size: |
16384
|
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1927768835.00007FFD9B8A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B8A0000
|
Size: |
65536
|
|
7FFD9B690000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1924656760.00007FFD9B690000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B690000
|
Size: |
8192
|
|
18D6DDF0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1921118869.0000018D6DDF0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6DDF0000
|
Size: |
16384
|
|
18D6F9B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1921606219.0000018D6F9B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6F9B0000
|
Size: |
16384
|
|
18D6DBFB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1919975290.0000018D6DBFB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6DBFB000
|
Size: |
12288
|
|
6754000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3486524650.0000000006754000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6754000
|
Size: |
4096
|
|
7DF4F50F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1924346479.00007DF4F50F0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7DF4F50F0000
|
Size: |
4096
|
|
18D6FB53000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1922524506.0000018D6FB53000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6FB53000
|
Size: |
4096
|
|
58E9000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485179315.00000000058E9000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
58E9000
|
Size: |
28672
|
|
18D6FF60000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1924171771.0000018D6FF60000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
18D6FF60000
|
Size: |
77824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
7FFD9B69C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1924741139.00007FFD9B69C000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B69C000
|
Size: |
12288
|
|
18D02036000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897942257.0000018D02036000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D02036000
|
Size: |
638976
|
|
18D01632000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897942257.0000018D01632000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D01632000
|
Size: |
8192
|
|
1245000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476452111.0000000001245000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1245000
|
Size: |
8192
|
|
616E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485824217.000000000616E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
616E000
|
Size: |
8192
|
|
6600000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3486353608.0000000006600000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6600000
|
Size: |
16384
|
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1928027309.00007FFD9B8D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B8D0000
|
Size: |
65536
|
|
7FFD9B5E2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1924369971.00007FFD9B5E2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B5E2000
|
Size: |
4096
|
|
5CAA775000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897064399.0000005CAA775000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CAA775000
|
Size: |
45056
|
|
18D012E9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897942257.0000018D012E9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D012E9000
|
Size: |
983040
|
|
606E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485708421.000000000606E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
606E000
|
Size: |
8192
|
|
7FFD9B700000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1925405780.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B700000
|
Size: |
94208
|
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1927402101.00007FFD9B870000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B870000
|
Size: |
65536
|
|
18D1006F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1914897160.0000018D1006F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D1006F000
|
Size: |
397312
|
|
5BEE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485310536.0000000005BEE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5BEE000
|
Size: |
8192
|
|
7FFD9B5E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1924369971.00007FFD9B5E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B5E0000
|
Size: |
4096
|
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1926942889.00007FFD9B850000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B850000
|
Size: |
65536
|
|
154E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3478309200.000000000154E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
154E000
|
Size: |
8192
|
|
18D00453000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897942257.0000018D00453000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D00453000
|
Size: |
32768
|
|
5F10000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485557191.0000000005F10000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5F10000
|
Size: |
32768
|
|
5C2E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485347979.0000000005C2E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5C2E000
|
Size: |
8192
|
|
6501000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3486054151.0000000006501000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6501000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
18D6F4E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1921353073.0000018D6F4E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D6F4E0000
|
Size: |
65536
|
|
1570000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3478542697.0000000001570000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1570000
|
Size: |
20480
|
|
62AC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485889435.00000000062AC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
62AC000
|
Size: |
16384
|
|
5CAAE79000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897319188.0000005CAAE79000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CAAE79000
|
Size: |
28672
|
|
14E7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3478228801.00000000014E7000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
14E7000
|
Size: |
4096
|
|
18D100D1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1914897160.0000018D100D1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D100D1000
|
Size: |
4096
|
|
1B7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3478876624.0000000001B7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B7E000
|
Size: |
8192
|
|
18D6DDD5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1921038945.0000018D6DDD5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6DDD5000
|
Size: |
24576
|
|
18D6DBB1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1919975290.0000018D6DBB1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6DBB1000
|
Size: |
8192
|
|
18D00E7F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897942257.0000018D00E7F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D00E7F000
|
Size: |
356352
|
|
5CAADFD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897296863.0000005CAADFD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CAADFD000
|
Size: |
12288
|
|
14E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3478206112.00000000014E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
14E0000
|
Size: |
4096
|
|
579E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485061516.000000000579E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
579E000
|
Size: |
8192
|
|
18D6DB86000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1919975290.0000018D6DB86000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6DB86000
|
Size: |
49152
|
|
18D6DBF9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1919975290.0000018D6DBF9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6DBF9000
|
Size: |
4096
|
|
18D6F8F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1921524532.0000018D6F8F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D6F8F0000
|
Size: |
20480
|
|
18D1002A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1914897160.0000018D1002A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D1002A000
|
Size: |
266240
|
|
7FFD9B5E3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1924447252.00007FFD9B5E3000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B5E3000
|
Size: |
4096
|
|
18D6DDF5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1921118869.0000018D6DDF5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6DDF5000
|
Size: |
40960
|
|
18D0044F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897942257.0000018D0044F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D0044F000
|
Size: |
12288
|
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1928306404.00007FFD9B910000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B910000
|
Size: |
65536
|
|
18D6FD5C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1923592417.0000018D6FD5C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6FD5C000
|
Size: |
315392
|
|
7FFD9B6A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1924788341.00007FFD9B6A0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B6A0000
|
Size: |
36864
|
|
6C10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3486845135.0000000006C10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6C10000
|
Size: |
4096
|
|
18D6FB1A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1922524506.0000018D6FB1A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6FB1A000
|
Size: |
225280
|
|
5EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485422044.0000000005EC0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5EC0000
|
Size: |
61440
|
|
18D6FD30000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1923592417.0000018D6FD30000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6FD30000
|
Size: |
4096
|
|
5CAAFBC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897600665.0000005CAAFBC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CAAFBC000
|
Size: |
16384
|
|
18D6D9F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1919869906.0000018D6D9F0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6D9F0000
|
Size: |
4096
|
|
18D012C4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897942257.0000018D012C4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D012C4000
|
Size: |
147456
|
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1927939078.00007FFD9B8C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B8C0000
|
Size: |
65536
|
|
602E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485667446.000000000602E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
602E000
|
Size: |
8192
|
|
18D6FB0E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1922524506.0000018D6FB0E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6FB0E000
|
Size: |
4096
|
|
14AD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3477891821.00000000014AD000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
14AD000
|
Size: |
4096
|
|
18D6F570000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1921485819.0000018D6F570000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6F570000
|
Size: |
4096
|
|
18D6DC00000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1919975290.0000018D6DC00000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6DC00000
|
Size: |
61440
|
|
18D6F8C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1921524532.0000018D6F8C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D6F8C0000
|
Size: |
4096
|
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1925518301.00007FFD9B780000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B780000
|
Size: |
65536
|
|
5CAAD7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897276461.0000005CAAD7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CAAD7E000
|
Size: |
8192
|
|
14A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3477821188.00000000014A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
14A0000
|
Size: |
4096
|
|
42E9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3484866482.00000000042E9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42E9000
|
Size: |
4096
|
|
18D6FD4C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1923592417.0000018D6FD4C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6FD4C000
|
Size: |
36864
|
|
7FFD9B696000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1924677072.00007FFD9B696000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B696000
|
Size: |
24576
|
|
1190000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476452111.0000000001190000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1190000
|
Size: |
24576
|
|
18D6F490000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1921238291.0000018D6F490000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D6F490000
|
Size: |
4096
|
|
67CC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3486650561.00000000067CC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
67CC000
|
Size: |
16384
|
|
6760000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3486524650.0000000006760000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6760000
|
Size: |
4096
|
|
194C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3478621931.000000000194C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
194C000
|
Size: |
16384
|
|
18D6DBD2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1919975290.0000018D6DBD2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6DBD2000
|
Size: |
16384
|
|
6609000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3486353608.0000000006609000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6609000
|
Size: |
16384
|
|
18D6FD20000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1923505132.0000018D6FD20000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
18D6FD20000
|
Size: |
20480
|
|
18D6FDAA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1923592417.0000018D6FDAA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6FDAA000
|
Size: |
8192
|
|
11B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476452111.00000000011B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11B0000
|
Size: |
49152
|
|
D5B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476046430.0000000000D5B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
D5B000
|
Size: |
20480
|
|
1560000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3478443854.0000000001560000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1560000
|
Size: |
65536
|
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1927866261.00007FFD9B8B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B8B0000
|
Size: |
65536
|
|
1577000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3478542697.0000000001577000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1577000
|
Size: |
12288
|
|
7FFD9B791000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1925815612.00007FFD9B791000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B791000
|
Size: |
32768
|
|
1A5C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3478812112.0000000001A5C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1A5C000
|
Size: |
16384
|
|
7FFD9B7B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1925996081.00007FFD9B7B0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B7B0000
|
Size: |
4096
|
|
6606000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3486353608.0000000006606000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6606000
|
Size: |
4096
|
|
571B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3484973572.000000000571B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
571B000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
1950000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3478663929.0000000001950000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1950000
|
Size: |
65536
|
|
1ECE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3479043386.0000000001ECE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1ECE000
|
Size: |
8192
|
|
67D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3486694781.00000000067D0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
67D0000
|
Size: |
8192
|
|
18D6F4D0000
|
heap
|
page readonly
|
|
|
|
Name: |
00000000.00000002.1921313798.0000018D6F4D0000.00000002.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page readonly
|
Base address: |
18D6F4D0000
|
Size: |
4096
|
|
7FB80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3486895604.000000007FB80000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FB80000
|
Size: |
4096
|
|
65F1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3486279383.00000000065F1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
65F1000
|
Size: |
16384
|
|
11BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476452111.00000000011BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11BD000
|
Size: |
12288
|
|
698E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3486762802.000000000698E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
698E000
|
Size: |
8192
|
|
7FFD9B6C6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1924857688.00007FFD9B6C6000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B6C6000
|
Size: |
69632
|
|
145E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3477734625.000000000145E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
145E000
|
Size: |
8192
|
|
7FFD9B952000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1928555710.00007FFD9B952000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B952000
|
Size: |
32768
|
|
18D0047F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897942257.0000018D0047F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D0047F000
|
Size: |
10485760
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
18D6F540000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1921438026.0000018D6F540000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
18D6F540000
|
Size: |
4096
|
|
1550000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3478351891.0000000001550000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
1550000
|
Size: |
65536
|
|
18D6DBB6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1919975290.0000018D6DBB6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6DBB6000
|
Size: |
12288
|
|
5CAB23E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897794119.0000005CAB23E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CAB23E000
|
Size: |
8192
|
|
5CAACFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897252319.0000005CAACFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CAACFE000
|
Size: |
8192
|
|
1CE0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3478995637.0000000001CE0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1CE0000
|
Size: |
4096
|
|
1A70000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3478851369.0000000001A70000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1A70000
|
Size: |
4096
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3475845063.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
400000
|
Size: |
4096
|
|
117E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476416663.000000000117E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
117E000
|
Size: |
8192
|
|
14D6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3478153336.00000000014D6000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
14D6000
|
Size: |
8192
|
|
5CAB1B5000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897767240.0000005CAB1B5000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CAB1B5000
|
Size: |
45056
|
|
60EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485768956.00000000060EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
60EE000
|
Size: |
8192
|
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1928196093.00007FFD9B8F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B8F0000
|
Size: |
65536
|
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1926212943.00007FFD9B7F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B7F0000
|
Size: |
65536
|
|
6511000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3486054151.0000000006511000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6511000
|
Size: |
4096
|
|
18D0045E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897942257.0000018D0045E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D0045E000
|
Size: |
40960
|
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1926820548.00007FFD9B840000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B840000
|
Size: |
65536
|
|
18D6DBC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1919975290.0000018D6DBC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6DBC0000
|
Size: |
4096
|
|
60AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485740110.00000000060AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
60AE000
|
Size: |
8192
|
|
1233000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476452111.0000000001233000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1233000
|
Size: |
8192
|
|
122B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476452111.000000000122B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
122B000
|
Size: |
8192
|
|
18D01636000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897942257.0000018D01636000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D01636000
|
Size: |
10485760
|
|
7FFD9B5F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1924571669.00007FFD9B5F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B5F0000
|
Size: |
40960
|
|
575E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485033835.000000000575E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
575E000
|
Size: |
8192
|
|
127E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476452111.000000000127E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
127E000
|
Size: |
69632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
18D6F410000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1921208768.0000018D6F410000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6F410000
|
Size: |
4096
|
|
18D012C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897942257.0000018D012C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D012C0000
|
Size: |
12288
|
|
18D6FD27000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1923505132.0000018D6FD27000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
18D6FD27000
|
Size: |
8192
|
|
18D6FDBE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1923592417.0000018D6FDBE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6FDBE000
|
Size: |
69632
|
|
1252000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476452111.0000000001252000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1252000
|
Size: |
122880
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
10F7000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476294424.00000000010F7000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
10F7000
|
Size: |
36864
|
|
7FFD9B79A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1925815612.00007FFD9B79A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B79A000
|
Size: |
24576
|
|
5CABC8E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897891524.0000005CABC8E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CABC8E000
|
Size: |
8192
|
|
18D10001000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1914897160.0000018D10001000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D10001000
|
Size: |
53248
|
|
5CAAEBF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897379415.0000005CAAEBF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CAAEBF000
|
Size: |
4096
|
|
18D100DE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1914897160.0000018D100DE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D100DE000
|
Size: |
1556480
|
|
6785000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3486524650.0000000006785000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6785000
|
Size: |
36864
|
|
612E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485796165.000000000612E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
612E000
|
Size: |
8192
|
|
57E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3485121034.00000000057E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57E0000
|
Size: |
4096
|
|
42E1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3484866482.00000000042E1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42E1000
|
Size: |
20480
|
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1926386365.00007FFD9B810000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B810000
|
Size: |
65536
|
|
7FFD9B5E4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1924464938.00007FFD9B5E4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B5E4000
|
Size: |
36864
|
|
7FFD9B5ED000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1924531202.00007FFD9B5ED000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B5ED000
|
Size: |
12288
|
|
1460000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3477765791.0000000001460000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1460000
|
Size: |
4096
|
|
5CAAAFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897153171.0000005CAAAFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CAAAFE000
|
Size: |
8192
|
|
18D00088000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1897942257.0000018D00088000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
18D00088000
|
Size: |
1671168
|
|
14A4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3477867011.00000000014A4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
14A4000
|
Size: |
4096
|
|
113C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476366285.000000000113C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
113C000
|
Size: |
16384
|
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1928268695.00007FFD9B900000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B900000
|
Size: |
12288
|
|
7FFD9B5FB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1924571669.00007FFD9B5FB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B5FB000
|
Size: |
4096
|
|
14B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3477915557.00000000014B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
14B0000
|
Size: |
16384
|
|
64F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3486054151.00000000064F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
64F0000
|
Size: |
57344
|
|
18D6DB10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1919975290.0000018D6DB10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
18D6DB10000
|
Size: |
450560
|
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1926133939.00007FFD9B7E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B7E0000
|
Size: |
65536
|
|
11C7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3476452111.00000000011C7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11C7000
|
Size: |
4096
|
|
64FF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3486054151.00000000064FF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
64FF000
|
Size: |
4096
|
|
14D2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3478132149.00000000014D2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
14D2000
|
Size: |
4096
|
|
| Base address: DE6000 | Regiontype: heap | Protect: page read and write | Size: 12288 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3476187274.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp |
| Base address: DC0000 | Regiontype: heap | Protect: page read and write | Size: 4096 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3476100350.0000000000DC0000.00000004.00000020.00040000.00000000.sdmp |
| Base address: 18D6FAD0000 | Regiontype: heap | Protect: page read and write | Size: 192512 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1922524506.0000018D6FAD0000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 3656000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 1875968 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3479074743.0000000003656000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 5CAB0BF000 | Regiontype: stack | Protect: page read and write | Size: 4096 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1897706914.0000005CAB0BF000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 7FFD9B92D000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 8192 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1928388176.00007FFD9B92D000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 18D6FB55000 | Regiontype: heap | Protect: page read and write | Size: 262144 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1922524506.0000018D6FB55000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 14EB000 | Regiontype: trusted library allocation | Protect: page execute and read and write | Size: 4096 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3478250835.00000000014EB000.00000040.00000800.00020000.00000000.sdmp |
| Base address: 18D10010000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 69632 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1914897160.0000018D10010000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 64EE000 | Regiontype: stack | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3486011870.00000000064EE000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 1988000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 4096 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3478787153.0000000001988000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 14C0000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3477992638.00000000014C0000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 18D0156D000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 798720 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1897942257.0000018D0156D000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 7FFD9B860000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 65536 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1927022840.00007FFD9B860000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 18D6FB96000 | Regiontype: heap | Protect: page read and write | Size: 233472 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1922524506.0000018D6FB96000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 7FFD9B8E0000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 65536 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1928097071.00007FFD9B8E0000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 18D6F9C9000 | Regiontype: heap | Protect: page read and write | Size: 983040 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1921645580.0000018D6F9C9000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 14D0000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 4096 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3478106675.00000000014D0000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 1276000 | Regiontype: heap | Protect: page read and write | Size: 4096 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3476452111.0000000001276000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 18D6DAD0000 | Regiontype: heap | Protect: page read and write | Size: 16384 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1919903323.0000018D6DAD0000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 7FFD9B800000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 65536 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1926299177.00007FFD9B800000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 11C9000 | Regiontype: heap | Protect: page read and write | Size: 172032 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3476452111.00000000011C9000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 626E000 | Regiontype: stack | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3485855536.000000000626E000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 1500000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 4096 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3478279809.0000000001500000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 5CAB13E000 | Regiontype: stack | Protect: page read and write | Size: 8192 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1897743193.0000005CAB13E000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 1198000 | Regiontype: heap | Protect: page read and write | Size: 94208 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3476452111.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 14B7000 | Regiontype: heap | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3477915557.00000000014B7000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 6508000 | Regiontype: heap | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3486054151.0000000006508000.00000004.00000020.00020000.00000000.sdmp | Signature Hits: Binary contains paths to debug symbols | Behavior Group: Compliance, System Summary |
| Base address: 57E3000 | Regiontype: heap | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3485121034.00000000057E3000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 18D6FF80000 | Regiontype: trusted library section | Protect: page read and write | Size: 4096 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1924271431.0000018D6FF80000.00000004.08000000.00040000.00000000.sdmp |
| Base address: 18D6FDAE000 | Regiontype: heap | Protect: page read and write | Size: 61440 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1923592417.0000018D6FDAE000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 5CAB037000 | Regiontype: stack | Protect: page read and write | Size: 36864 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1897652729.0000005CAB037000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 1272000 | Regiontype: heap | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3476452111.0000000001272000.00000004.00000020.00020000.00000000.sdmp | Signature Hits: AV process strings found (often used to terminate AV products) | Behavior Group: Lowering of HIPS / PFW / Operating System Security Settings | Mitre Attack: Security Software Discovery |
| Base address: 18D6DBC2000 | Regiontype: heap | Protect: page read and write | Size: 12288 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1919975290.0000018D6DBC2000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 18D00001000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 540672 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1897942257.0000018D00001000.00000004.00000800.00020000.00000000.sdmp | Signature Hits: URLs found in memory or binary data | Behavior Group: Networking |
| Base address: 18D6DB93000 | Regiontype: heap | Protect: page read and write | Size: 114688 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1919975290.0000018D6DB93000.00000004.00000020.00020000.00000000.sdmp |
| Base address: DE0000 | Regiontype: heap | Protect: page read and write | Size: 16384 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3476187274.0000000000DE0000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 7FFD9B920000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 49152 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1928388176.00007FFD9B920000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 57DE000 | Regiontype: stack | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3485091123.00000000057DE000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 63EC000 | Regiontype: stack | Protect: page read and write | Size: 16384 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3485969315.00000000063EC000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 7FFD9B890000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 65536 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1927673018.00007FFD9B890000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 5D2E000 | Regiontype: stack | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3485385645.0000000005D2E000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 5F20000 | Regiontype: heap | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3485624662.0000000005F20000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 7FFD9B940000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 49152 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1928494489.00007FFD9B940000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 1CBC000 | Regiontype: stack | Protect: page read and write | Size: 16384 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3478944886.0000000001CBC000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 7FFD9B7C2000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 49152 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1926022374.00007FFD9B7C2000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 7FFD9B880000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 65536 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1927585990.00007FFD9B880000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 1D10000 | Regiontype: heap | Protect: page read and write | Size: 4096 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3479020156.0000000001D10000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 7FFD9B930000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 24576 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1928463503.00007FFD9B930000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 18D6FCF0000 | Regiontype: heap | Protect: page execute and read and write | Size: 4096 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1923473807.0000018D6FCF0000.00000040.00000020.00020000.00000000.sdmp |
| Base address: 18D6FB10000 | Regiontype: heap | Protect: page read and write | Size: 36864 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1922524506.0000018D6FB10000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 7FFD9B820000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 65536 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1926629896.00007FFD9B820000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 18D6FC10000 | Regiontype: heap | Protect: page read and write | Size: 16384 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1923421230.0000018D6FC10000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 7FFD9B7A0000 | Regiontype: trusted library allocation | Protect: page execute and read and write | Size: 20480 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1925958369.00007FFD9B7A0000.00000040.00000800.00020000.00000000.sdmp |
| Base address: 5AEE000 | Regiontype: stack | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3485274690.0000000005AEE000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 1C7D000 | Regiontype: stack | Protect: page read and write | Size: 12288 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3478905440.0000000001C7D000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 67E0000 | Regiontype: heap | Protect: page read and write | Size: 4096 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3486728212.00000000067E0000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 7FFD9B830000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 65536 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1926727593.00007FFD9B830000.00000004.00000800.00020000.00000000.sdmp |
| Base address: DD0000 | Regiontype: heap | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3476146735.0000000000DD0000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 1231000 | Regiontype: heap | Protect: page read and write | Size: 4096 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3476452111.0000000001231000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 1970000 | Regiontype: heap | Protect: page read and write | Size: 12288 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3478752931.0000000001970000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 5CAAC7B000 | Regiontype: stack | Protect: page read and write | Size: 20480 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1897231530.0000005CAAC7B000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 18D10263000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 2375680 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1914897160.0000018D10263000.00000004.00000800.00020000.00000000.sdmp | Signature Hits: URLs found in memory or binary data | Behavior Group: Networking |
| Base address: 59EE000 | Regiontype: stack | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3485239857.00000000059EE000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 18D6F4C0000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 16384 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1921274260.0000018D6F4C0000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 5CAB2BC000 | Regiontype: stack | Protect: page read and write | Size: 16384 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1897823401.0000005CAB2BC000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 5F0E000 | Regiontype: stack | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3485514356.0000000005F0E000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 18D6DDD0000 | Regiontype: heap | Protect: page read and write | Size: 12288 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1921038945.0000018D6DDD0000.00000004.00000020.00020000.00000000.sdmp |
| Base address: 5CAAF37000 | Regiontype: stack | Protect: page read and write | Size: 36864 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1897479048.0000005CAAF37000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 18D013DA000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 1638400 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1897942257.0000018D013DA000.00000004.00000800.00020000.00000000.sdmp | Signature Hits: URLs found in memory or binary data | Behavior Group: Networking |
| Base address: 5CAABFE000 | Regiontype: stack | Protect: page read and write | Size: 8192 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1897189925.0000005CAABFE000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 14A3000 | Regiontype: trusted library allocation | Protect: page execute and read and write | Size: 4096 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3477845920.00000000014A3000.00000040.00000800.00020000.00000000.sdmp |
| Base address: 5CAAB7D000 | Regiontype: stack | Protect: page read and write | Size: 12288 | TargetID: 0 | Dumpstage: process exit | Name: 00000000.00000002.1897170758.0000005CAAB7D000.00000004.00000010.00020000.00000000.sdmp |
| Base address: 1490000 | Regiontype: trusted library allocation | Protect: page read and write | Size: 8192 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3477790910.0000000001490000.00000004.00000800.00020000.00000000.sdmp |
| Base address: 14DA000 | Regiontype: trusted library allocation | Protect: page execute and read and write | Size: 4096 | TargetID: 3 | Dumpstage: process exit | Name: 00000003.00000002.3478181150.00000000014DA000.00000040.00000800.00020000.00000000.sdmp |
|