2E21000
|
trusted library allocation
|
page read and write
|
![malicious](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABwAAAAYCAYAAADpnJ2CAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAppJREFUeNqsVkFoU0EQnZ/W2haM0R71kIAe4sWKB70ULLSei3oRBI13bXMQD1rSoD3b1LuNIPQiGgQvWjDgxR5EvZiDQnOoRzV80dRqrPOWP5/9m92ftOnAsvt358/beTOzux455Gv6yBx3BdqZFEfqn+dsC54DLM3dO24p2rlkGLRuTiYcyvdcYInDh6xjhw3qCMjeneFuyqY8ePUK7b1wPvweODup5hwyFdjq6KF1Z8nlR9SXzVJzYTGc23hQVnNYc8hSbAx5RzMuwINrn+hb5ihtd40lz7FcaPOQwVI9ZGWcFALbbZQWusnKPadPKQrRMO5CUjprXuDdaFAGTgFtiBmS5N/6lzBLfz9+wol0Lo5SkRNM7ftEXKLoXkmWbvk+/bpzl37euKnGANN1OpWJx96hBJ66gIamr1F/d9TR3zer1Czdpz/cOyQHwDUepM3iHpq+rnYPL7b8H5Eih1EINiMCmr3kPm5JRXOztBhSr0ndetKkXlcVGH5sjI3zj+tM43wA7qtaRJNvrEEHuhJT2LCepTZKD3x4S/7FS9T6WIvUGbwcnr1N/ceyCqjFHiCe8ESvRejtf/6Mvh8/2UZpgjOnwoPIdjZfrIRgIsOzt4LjbEIZ7GNQjPU1nV7YMKTKWGWhNB8J/mo06IiZ0KRvBIaFfomry4ZgeNpJg7SdUZMceFAW4Z7nYHhgciLMWmTl5ssVFTebvjZXZu9y5klT5NbAwPxZ4iJgWId3GKs5ptcUzUZDZ9B5eKPIcRO0ajXVS4lsLD1UJ47oDOYuh6UguuhFxzy8Pct9iCNu1KxHV2110KkzWCb2iRFcmq926aYYZ8Bq7AUcKFR2AaxigsW9afKSQD1Ivqs3TeAlXlulHsCKthcb5L8AAwCehEsTSl88KQAAAABJRU5ErkJggg==) |
|
|
Name: |
00000000.00000002.4151843024.0000000002E21000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2E21000
|
Size: |
5320704
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
URLs found in memory or binary data |
Networking |
|
|
B62000
|
unkown
|
page readonly
|
![malicious](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABwAAAAYCAYAAADpnJ2CAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAppJREFUeNqsVkFoU0EQnZ/W2haM0R71kIAe4sWKB70ULLSei3oRBI13bXMQD1rSoD3b1LuNIPQiGgQvWjDgxR5EvZiDQnOoRzV80dRqrPOWP5/9m92ftOnAsvt358/beTOzux455Gv6yBx3BdqZFEfqn+dsC54DLM3dO24p2rlkGLRuTiYcyvdcYInDh6xjhw3qCMjeneFuyqY8ePUK7b1wPvweODup5hwyFdjq6KF1Z8nlR9SXzVJzYTGc23hQVnNYc8hSbAx5RzMuwINrn+hb5ihtd40lz7FcaPOQwVI9ZGWcFALbbZQWusnKPadPKQrRMO5CUjprXuDdaFAGTgFtiBmS5N/6lzBLfz9+wol0Lo5SkRNM7ftEXKLoXkmWbvk+/bpzl37euKnGANN1OpWJx96hBJ66gIamr1F/d9TR3zer1Czdpz/cOyQHwDUepM3iHpq+rnYPL7b8H5Eih1EINiMCmr3kPm5JRXOztBhSr0ndetKkXlcVGH5sjI3zj+tM43wA7qtaRJNvrEEHuhJT2LCepTZKD3x4S/7FS9T6WIvUGbwcnr1N/ceyCqjFHiCe8ESvRejtf/6Mvh8/2UZpgjOnwoPIdjZfrIRgIsOzt4LjbEIZ7GNQjPU1nV7YMKTKWGWhNB8J/mo06IiZ0KRvBIaFfomry4ZgeNpJg7SdUZMceFAW4Z7nYHhgciLMWmTl5ssVFTebvjZXZu9y5klT5NbAwPxZ4iJgWId3GKs5ptcUzUZDZ9B5eKPIcRO0ajXVS4lsLD1UJ47oDOYuh6UguuhFxzy8Pct9iCNu1KxHV2110KkzWCb2iRFcmq926aYYZ8Bq7AUcKFR2AaxigsW9afKSQD1Ivqs3TeAlXlulHsCKthcb5L8AAwCehEsTSl88KQAAAABJRU5ErkJggg==) |
|
|
Name: |
00000000.00000000.1700342659.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
B62000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara signature match |
System Summary |
|
|
2D9E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151789607.0000000002D9E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D9E000
|
Size: |
8192
|
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153537051.00007FFD9B784000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B784000
|
Size: |
4096
|
|
F46000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000F46000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F46000
|
Size: |
40960
|
|
1210000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151646482.0000000001210000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1210000
|
Size: |
12288
|
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4153592472.00007FFD9B81C000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B81C000
|
Size: |
4096
|
|
F3C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000F3C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F3C000
|
Size: |
36864
|
|
14FC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151776045.00000000014FC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
14FC000
|
Size: |
16384
|
|
B70000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1700366113.0000000000B70000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
B70000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153525778.00007FFD9B780000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B780000
|
Size: |
4096
|
|
F51000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000F51000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F51000
|
Size: |
4096
|
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153570412.00007FFD9B810000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B810000
|
Size: |
4096
|
|
7FFD9B773000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153495461.00007FFD9B773000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B773000
|
Size: |
40960
|
|
F53000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000F53000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F53000
|
Size: |
20480
|
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4153614179.00007FFD9B846000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B846000
|
Size: |
4096
|
|
FE2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FE2000
|
Size: |
8192
|
|
1BCD0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153109376.000000001BCD0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BCD0000
|
Size: |
118784
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
12F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151731563.00000000012F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F5000
|
Size: |
24576
|
|
10E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151589442.00000000010E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
10E0000
|
Size: |
4096
|
|
11FC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151603934.00000000011FC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
11FC000
|
Size: |
16384
|
|
12E28000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4152846025.0000000012E28000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12E28000
|
Size: |
12288
|
|
1BD1C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153109376.000000001BD1C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BD1C000
|
Size: |
4096
|
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4153446388.00007FFD9B763000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B763000
|
Size: |
4096
|
|
1C47C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153392980.000000001C47C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1C47C000
|
Size: |
16384
|
|
F95000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000F95000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F95000
|
Size: |
212992
|
|
1C17D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153363757.000000001C17D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1C17D000
|
Size: |
12288
|
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4153603181.00007FFD9B820000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B820000
|
Size: |
4096
|
|
F10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000F10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F10000
|
Size: |
20480
|
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4153513372.00007FFD9B77D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B77D000
|
Size: |
8192
|
|
1B8CA000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153032475.000000001B8CA000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B8CA000
|
Size: |
24576
|
|
1BACE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153069871.000000001BACE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BACE000
|
Size: |
8192
|
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153483944.00007FFD9B770000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B770000
|
Size: |
4096
|
|
B60000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1700321819.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
B60000
|
Size: |
4096
|
|
1B7AF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4152994212.000000001B7AF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B7AF000
|
Size: |
4096
|
|
1C37A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153377195.000000001C37A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1C37A000
|
Size: |
24576
|
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4153558810.00007FFD9B7BC000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B7BC000
|
Size: |
8192
|
|
1B1A5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4152915360.000000001B1A5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B1A5000
|
Size: |
4096
|
|
F7D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000F7D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F7D000
|
Size: |
4096
|
|
1B7C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153005671.000000001B7C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B7C0000
|
Size: |
8192
|
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4153625059.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B880000
|
Size: |
49152
|
|
1BCEE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153109376.000000001BCEE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BCEE000
|
Size: |
8192
|
|
1AE50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4152890331.000000001AE50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1AE50000
|
Size: |
4096
|
|
F00000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151317801.0000000000F00000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F00000
|
Size: |
4096
|
|
1C57C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153407713.000000001C57C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1C57C000
|
Size: |
16384
|
|
FE5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FE5000
|
Size: |
4096
|
|
13FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151763461.00000000013FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
13FE000
|
Size: |
8192
|
|
1B9C4000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153048747.000000001B9C4000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B9C4000
|
Size: |
49152
|
|
1BCFB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153109376.000000001BCFB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BCFB000
|
Size: |
131072
|
|
1200000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151617950.0000000001200000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1200000
|
Size: |
12288
|
|
2DB0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4151802939.0000000002DB0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2DB0000
|
Size: |
4096
|
|
1280000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151673190.0000000001280000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1280000
|
Size: |
8192
|
|
1BBCF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153083908.000000001BBCF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BBCF000
|
Size: |
4096
|
|
1BCCC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153096225.000000001BCCC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BCCC000
|
Size: |
16384
|
|
F16000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000F16000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F16000
|
Size: |
20480
|
|
1B3AC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4152955052.000000001B3AC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B3AC000
|
Size: |
16384
|
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4153470857.00007FFD9B76D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B76D000
|
Size: |
12288
|
|
1B75E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4152970365.000000001B75E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B75E000
|
Size: |
8192
|
|
1BD3A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153109376.000000001BD3A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BD3A000
|
Size: |
28672
|
|
FEF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FEF000
|
Size: |
131072
|
|
FD2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FD2000
|
Size: |
32768
|
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153434292.00007FFD9B760000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B760000
|
Size: |
4096
|
|
FDB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FDB000
|
Size: |
24576
|
|
1BD32000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153109376.000000001BD32000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BD32000
|
Size: |
20480
|
|
7FFD9B902000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153643651.00007FFD9B902000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B902000
|
Size: |
36864
|
|
12A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151687161.00000000012A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12A0000
|
Size: |
4096
|
|
1B7C3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153005671.000000001B7C3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B7C3000
|
Size: |
12288
|
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153581505.00007FFD9B816000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B816000
|
Size: |
4096
|
|
12E21000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4152846025.0000000012E21000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12E21000
|
Size: |
24576
|
|
1BE80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153350024.000000001BE80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BE80000
|
Size: |
12288
|
|
F83000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000F83000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F83000
|
Size: |
69632
|
|
1B760000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4152982342.000000001B760000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1B760000
|
Size: |
4096
|
|
F1C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F1C000
|
Size: |
126976
|
|
7FF42DA10000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4153421941.00007FF42DA10000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF42DA10000
|
Size: |
4096
|
|
B60000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.4151284863.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
B60000
|
Size: |
4096
|
|
1205000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151617950.0000000001205000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1205000
|
Size: |
20480
|
|
12F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151731563.00000000012F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F0000
|
Size: |
12288
|
|
3335000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151843024.0000000003335000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3335000
|
Size: |
1368064
|
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153457276.00007FFD9B764000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B764000
|
Size: |
8192
|
|
EF4000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151304481.0000000000EF4000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
EF4000
|
Size: |
49152
|
|
12B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151700321.00000000012B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12B0000
|
Size: |
8192
|
|
1BCF1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153109376.000000001BCF1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BCF1000
|
Size: |
36864
|
|
1BD27000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153109376.000000001BD27000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BD27000
|
Size: |
36864
|
|
2DF0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151814601.0000000002DF0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DF0000
|
Size: |
4096
|
|
2E10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151828758.0000000002E10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E10000
|
Size: |
4096
|
|
FCE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FCE000
|
Size: |
4096
|
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4153548221.00007FFD9B78D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFD9B78D000
|
Size: |
4096
|
|
7FFD9B911000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153661214.00007FFD9B911000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFD9B911000
|
Size: |
4096
|
|
1BD1E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4153109376.000000001BD1E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BD1E000
|
Size: |
32768
|
|
F7F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F7F000
|
Size: |
12288
|
|
1230000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151660100.0000000001230000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1230000
|
Size: |
4096
|
|
12B3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151700321.00000000012B3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12B3000
|
Size: |
53248
|
|
12E2E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4152846025.0000000012E2E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12E2E000
|
Size: |
4096
|
|
FCA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4151330957.0000000000FCA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FCA000
|
Size: |
8192
|
|