402000
|
remote allocation
|
page execute and read and write
|
malicious |
|
|
Name: |
00000003.00000002.4595888720.0000000000402000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
402000
|
Size: |
61440
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Sample uses string decryption to hide its real strings |
AV Detection |
|
Yara signature match |
System Summary |
|
|
32B1000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000003.00000002.4598885565.00000000032B1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
32B1000
|
Size: |
217088
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found malware configuration |
AV Detection |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
URLs found in memory or binary data |
Networking |
|
|
1E1C8B39000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000000.00000002.2310934695.000001E1C8B39000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C8B39000
|
Size: |
4083712
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara signature match |
System Summary |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
1E1C80BF000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000000.00000002.2310934695.000001E1C80BF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C80BF000
|
Size: |
3477504
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara signature match |
System Summary |
|
|
1E1C7E87000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000000.00000002.2310934695.000001E1C7E87000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C7E87000
|
Size: |
2260992
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara signature match |
System Summary |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
165E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4597644895.000000000165E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
165E000
|
Size: |
8192
|
|
1E1DFDFE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338916533.000001E1DFDFE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1DFDFE000
|
Size: |
372736
|
|
1377000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596044528.0000000001377000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1377000
|
Size: |
36864
|
|
1E1E0140000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2340625447.000001E1E0140000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1E0140000
|
Size: |
16384
|
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2343337619.00007FF848FD0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848FD0000
|
Size: |
65536
|
|
5A7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606120979.0000000005A7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5A7E000
|
Size: |
8192
|
|
14E8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596221640.00000000014E8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
14E8000
|
Size: |
139264
|
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2342896399.00007FF848F90000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848F90000
|
Size: |
65536
|
|
1E1C8F23000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C8F23000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C8F23000
|
Size: |
147456
|
|
1E1C80B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C80B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C80B0000
|
Size: |
40960
|
|
7FF848E36000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2341934457.00007FF848E36000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848E36000
|
Size: |
69632
|
|
13F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596125705.00000000013F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
13F0000
|
Size: |
16384
|
|
13E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596101457.00000000013E0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
13E0000
|
Size: |
4096
|
|
7FF848D54000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2341589358.00007FF848D54000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848D54000
|
Size: |
36864
|
|
694C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607316958.000000000694C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
694C000
|
Size: |
16384
|
|
42B1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4605729266.00000000042B1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42B1000
|
Size: |
20480
|
|
657D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606914586.000000000657D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
657D000
|
Size: |
12288
|
|
7FF849000000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2344072700.00007FF849000000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF849000000
|
Size: |
65536
|
|
16CA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.4598076549.00000000016CA000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
16CA000
|
Size: |
4096
|
|
7FF848F01000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2342235234.00007FF848F01000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848F01000
|
Size: |
32768
|
|
7FF849050000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2344587546.00007FF849050000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF849050000
|
Size: |
65536
|
|
580C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4605938169.000000000580C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
580C000
|
Size: |
16384
|
|
5EFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606382088.0000000005EFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5EFE000
|
Size: |
8192
|
|
1E1C9296000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C9296000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C9296000
|
Size: |
10485760
|
|
1E1DFD70000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338916533.000001E1DFD70000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1DFD70000
|
Size: |
249856
|
|
CD1AB0F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310056434.000000CD1AB0F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD1AB0F000
|
Size: |
4096
|
|
6A54000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607378454.0000000006A54000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6A54000
|
Size: |
4096
|
|
62BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606728973.00000000062BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
62BE000
|
Size: |
8192
|
|
57CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4605905766.00000000057CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
57CE000
|
Size: |
8192
|
|
18EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598271734.00000000018EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
18EE000
|
Size: |
8192
|
|
1E1C843C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C843C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C843C000
|
Size: |
36864
|
|
7FF848F20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2342382100.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848F20000
|
Size: |
4096
|
|
7FF8490C2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2345096908.00007FF8490C2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF8490C2000
|
Size: |
28672
|
|
CD19C7D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309794989.000000CD19C7D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD19C7D000
|
Size: |
12288
|
|
6800000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607059972.0000000006800000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6800000
|
Size: |
32768
|
|
7FF848D5D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2341648643.00007FF848D5D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848D5D000
|
Size: |
12288
|
|
1E1C5F40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310500242.000001E1C5F40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5F40000
|
Size: |
16384
|
|
CD19875000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309590196.000000CD19875000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD19875000
|
Size: |
45056
|
|
16C2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598007182.00000000016C2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
16C2000
|
Size: |
4096
|
|
16A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4597722622.00000000016A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
16A0000
|
Size: |
4096
|
|
CD19CF9000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309818636.000000CD19CF9000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD19CF9000
|
Size: |
28672
|
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2342148927.00007FF848EF0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848EF0000
|
Size: |
65536
|
|
7EF70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.4607653443.000000007EF70000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7EF70000
|
Size: |
4096
|
|
CD19FBE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309956989.000000CD19FBE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD19FBE000
|
Size: |
8192
|
|
6906000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607219369.0000000006906000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6906000
|
Size: |
4096
|
|
1E1C5DDB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310079390.000001E1C5DDB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5DDB000
|
Size: |
4096
|
|
3280000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598674515.0000000003280000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3280000
|
Size: |
65536
|
|
1690000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4597684646.0000000001690000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1690000
|
Size: |
8192
|
|
1E1D7CD2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2330619797.000001E1D7CD2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1D7CD2000
|
Size: |
45056
|
|
330D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598885565.000000000330D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
330D000
|
Size: |
5185536
|
|
1E1E00A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2340625447.000001E1E00A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1E00A0000
|
Size: |
4096
|
|
1E1C7CE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C7CE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C7CE8000
|
Size: |
1671168
|
|
6A85000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607378454.0000000006A85000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6A85000
|
Size: |
36864
|
|
1E1C5DD6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310079390.000001E1C5DD6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5DD6000
|
Size: |
16384
|
|
1950000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.4598360061.0000000001950000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
1950000
|
Size: |
65536
|
|
1E1E00BC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2340625447.000001E1E00BC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1E00BC000
|
Size: |
57344
|
|
16D7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.4598131092.00000000016D7000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
16D7000
|
Size: |
4096
|
|
680E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607149305.000000000680E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
680E000
|
Size: |
49152
|
|
7FF848D60000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2341679920.00007FF848D60000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848D60000
|
Size: |
40960
|
|
15DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4597572833.00000000015DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
15DC000
|
Size: |
12288
|
|
CD19B7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309754959.000000CD19B7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD19B7E000
|
Size: |
8192
|
|
1E1DFDEA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338916533.000001E1DFDEA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1DFDEA000
|
Size: |
8192
|
|
1E1C9292000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C9292000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C9292000
|
Size: |
8192
|
|
1E1C80BB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C80BB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C80BB000
|
Size: |
4096
|
|
150B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596221640.000000000150B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
150B000
|
Size: |
16384
|
|
32E7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598885565.00000000032E7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
32E7000
|
Size: |
151552
|
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2344967998.00007FF8490A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF8490A0000
|
Size: |
24576
|
|
16B3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4597831143.00000000016B3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
16B3000
|
Size: |
40960
|
|
633C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606782500.000000000633C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
633C000
|
Size: |
16384
|
|
1559000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596860038.0000000001559000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1559000
|
Size: |
122880
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
1E1C7BA0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310762252.000001E1C7BA0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C7BA0000
|
Size: |
4096
|
|
6CB0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607609311.0000000006CB0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6CB0000
|
Size: |
4096
|
|
1E1C6050000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310600418.000001E1C6050000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C6050000
|
Size: |
4096
|
|
16A3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.4597754085.00000000016A3000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
16A3000
|
Size: |
4096
|
|
1E1DFDFC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338916533.000001E1DFDFC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1DFDFC000
|
Size: |
4096
|
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2342702707.00007FF848F70000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848F70000
|
Size: |
65536
|
|
1E1C7B80000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310715930.000001E1C7B80000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C7B80000
|
Size: |
16384
|
|
7FF848D52000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2341523074.00007FF848D52000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848D52000
|
Size: |
4096
|
|
CD19BFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309777565.000000CD19BFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD19BFE000
|
Size: |
8192
|
|
17EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598245910.00000000017EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
17EE000
|
Size: |
8192
|
|
16C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4597963447.00000000016C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
16C0000
|
Size: |
4096
|
|
66BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606987738.00000000066BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
66BE000
|
Size: |
8192
|
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2342798854.00007FF848F80000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848F80000
|
Size: |
65536
|
|
1E1C8446000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C8446000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C8446000
|
Size: |
5287936
|
|
1E1C9C96000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C9C96000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C9C96000
|
Size: |
638976
|
|
CD19EB9000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309908328.000000CD19EB9000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD19EB9000
|
Size: |
28672
|
|
6CA0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607588800.0000000006CA0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6CA0000
|
Size: |
4096
|
|
6B90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.4607561875.0000000006B90000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
6B90000
|
Size: |
8192
|
|
16E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598179900.00000000016E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
16E0000
|
Size: |
16384
|
|
1E1C5E01000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310079390.000001E1C5E01000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5E01000
|
Size: |
12288
|
|
544E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4605863367.000000000544E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
544E000
|
Size: |
8192
|
|
7FF848D50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2341523074.00007FF848D50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848D50000
|
Size: |
4096
|
|
1E1C5E45000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310079390.000001E1C5E45000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5E45000
|
Size: |
12288
|
|
643D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606848913.000000000643D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
643D000
|
Size: |
12288
|
|
7DF4C7080000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2341493036.00007DF4C7080000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7DF4C7080000
|
Size: |
4096
|
|
61FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606597305.00000000061FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
61FE000
|
Size: |
8192
|
|
7FF848F40000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2342481962.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848F40000
|
Size: |
12288
|
|
1E1C7B90000
|
heap
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2310739429.000001E1C7B90000.00000002.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page readonly
|
Base address: |
1E1C7B90000
|
Size: |
4096
|
|
1967000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598454151.0000000001967000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1967000
|
Size: |
12288
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.4595888720.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
400000
|
Size: |
4096
|
|
1E1C5D58000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310079390.000001E1C5D58000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5D58000
|
Size: |
36864
|
|
1E1C5E49000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310079390.000001E1C5E49000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5E49000
|
Size: |
24576
|
|
5CFF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606306538.0000000005CFF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CFF000
|
Size: |
4096
|
|
1E1C8952000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C8952000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C8952000
|
Size: |
1990656
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2343233304.00007FF848FC0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848FC0000
|
Size: |
65536
|
|
1E1C5D50000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310079390.000001E1C5D50000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5D50000
|
Size: |
28672
|
|
5A3E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606089073.0000000005A3E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5A3E000
|
Size: |
8192
|
|
1E1E0124000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2340625447.000001E1E0124000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1E0124000
|
Size: |
110592
|
|
1E1C7C20000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310876918.000001E1C7C20000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C7C20000
|
Size: |
65536
|
|
1E1C7BD0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310762252.000001E1C7BD0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C7BD0000
|
Size: |
20480
|
|
65BC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606947221.00000000065BC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
65BC000
|
Size: |
16384
|
|
52B8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4605832745.00000000052B8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
52B8000
|
Size: |
4096
|
|
42B9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4605729266.00000000042B9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42B9000
|
Size: |
4096
|
|
194E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598327770.000000000194E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
194E000
|
Size: |
8192
|
|
1E1C7C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C7C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C7C61000
|
Size: |
540672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
60FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606570668.00000000060FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
60FE000
|
Size: |
8192
|
|
1E1DFF27000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2340490179.000001E1DFF27000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1E1DFF27000
|
Size: |
8192
|
|
15B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596860038.00000000015B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
15B0000
|
Size: |
32768
|
|
647C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606877521.000000000647C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
647C000
|
Size: |
16384
|
|
7FF848F0A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2342235234.00007FF848F0A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848F0A000
|
Size: |
24576
|
|
7FF8490B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2345019928.00007FF8490B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF8490B0000
|
Size: |
49152
|
|
1E1D7C70000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2330619797.000001E1D7C70000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1D7C70000
|
Size: |
69632
|
|
127B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596005425.000000000127B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
127B000
|
Size: |
20480
|
|
1E1DFF20000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2340490179.000001E1DFF20000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1E1DFF20000
|
Size: |
20480
|
|
7FF848E0C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2341840766.00007FF848E0C000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848E0C000
|
Size: |
12288
|
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2342990678.00007FF848FA0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848FA0000
|
Size: |
65536
|
|
1594000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596860038.0000000001594000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1594000
|
Size: |
8192
|
|
67FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607035818.00000000067FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
67FE000
|
Size: |
8192
|
|
1E1DFEF0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2340464918.000001E1DFEF0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1E1DFEF0000
|
Size: |
4096
|
|
1E1C91CC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C91CC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C91CC000
|
Size: |
802816
|
|
5ABE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606151038.0000000005ABE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5ABE000
|
Size: |
8192
|
|
1E1D7CDE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2330619797.000001E1D7CDE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1D7CDE000
|
Size: |
368640
|
|
1E1C5DFB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310079390.000001E1C5DFB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5DFB000
|
Size: |
12288
|
|
58F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4605974962.00000000058F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
58F0000
|
Size: |
4096
|
|
7FF849080000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2344794533.00007FF849080000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF849080000
|
Size: |
65536
|
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2342517453.00007FF848F50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848F50000
|
Size: |
65536
|
|
CD1A13B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310030116.000000CD1A13B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD1A13B000
|
Size: |
20480
|
|
5BF9000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606252591.0000000005BF9000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5BF9000
|
Size: |
28672
|
|
1E1C5E43000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310079390.000001E1C5E43000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5E43000
|
Size: |
4096
|
|
324C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598577545.000000000324C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
324C000
|
Size: |
16384
|
|
1900000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598302596.0000000001900000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1900000
|
Size: |
4096
|
|
6030000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606509994.0000000006030000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6030000
|
Size: |
8192
|
|
627E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606685285.000000000627E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
627E000
|
Size: |
8192
|
|
1E1C5DE2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310079390.000001E1C5DE2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5DE2000
|
Size: |
90112
|
|
16DB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.4598155633.00000000016DB000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
16DB000
|
Size: |
4096
|
|
62FF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606757082.00000000062FF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
62FF000
|
Size: |
4096
|
|
CD19D3F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309838996.000000CD19D3F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD19D3F000
|
Size: |
4096
|
|
59FD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606031517.00000000059FD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
59FD000
|
Size: |
12288
|
|
1E1E010D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2340625447.000001E1E010D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1E010D000
|
Size: |
90112
|
|
1E1DFE69000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338916533.000001E1DFE69000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1DFE69000
|
Size: |
24576
|
|
7FF849090000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2344882354.00007FF849090000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF849090000
|
Size: |
57344
|
|
5DFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606327941.0000000005DFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5DFE000
|
Size: |
8192
|
|
1E1DFE5A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338916533.000001E1DFE5A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1DFE5A000
|
Size: |
57344
|
|
16E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598179900.00000000016E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
16E7000
|
Size: |
8192
|
|
1599000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596860038.0000000001599000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1599000
|
Size: |
4096
|
|
161E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4597612112.000000000161E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
161E000
|
Size: |
8192
|
|
14E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596221640.00000000014E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
14E0000
|
Size: |
28672
|
|
16A4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4597779264.00000000016A4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
16A4000
|
Size: |
4096
|
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2343127125.00007FF848FB0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848FB0000
|
Size: |
65536
|
|
6AA1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607521108.0000000006AA1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6AA1000
|
Size: |
16384
|
|
6020000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606412599.0000000006020000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6020000
|
Size: |
61440
|
|
7FF848E70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2342026495.00007FF848E70000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848E70000
|
Size: |
94208
|
|
1E1E02F0000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2341464943.000001E1E02F0000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
1E1E02F0000
|
Size: |
4096
|
|
1E1C6070000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310620130.000001E1C6070000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C6070000
|
Size: |
12288
|
|
7FF848D6B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2341679920.00007FF848D6B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848D6B000
|
Size: |
4096
|
|
CD198FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309613236.000000CD198FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD198FE000
|
Size: |
8192
|
|
58F3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4605974962.00000000058F3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
58F3000
|
Size: |
8192
|
|
5AE0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606208449.0000000005AE0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5AE0000
|
Size: |
4096
|
|
1E1E02D0000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2341360757.000001E1E02D0000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
1E1E02D0000
|
Size: |
77824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
623D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4606649279.000000000623D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
623D000
|
Size: |
12288
|
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2341763322.00007FF848E00000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848E00000
|
Size: |
8192
|
|
7FF849020000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2344287939.00007FF849020000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF849020000
|
Size: |
65536
|
|
1E1DFDAE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338916533.000001E1DFDAE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1DFDAE000
|
Size: |
241664
|
|
6900000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607219369.0000000006900000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6900000
|
Size: |
16384
|
|
6909000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607219369.0000000006909000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6909000
|
Size: |
16384
|
|
7FF849070000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2344761128.00007FF849070000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF849070000
|
Size: |
12288
|
|
1518000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596221640.0000000001518000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1518000
|
Size: |
233472
|
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2342341476.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848F10000
|
Size: |
20480
|
|
1E1C5FA0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310559418.000001E1C5FA0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5FA0000
|
Size: |
4096
|
|
7FF848F32000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2342406566.00007FF848F32000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848F32000
|
Size: |
49152
|
|
1E1C903A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C903A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C903A000
|
Size: |
1638400
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3250000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.4598615175.0000000003250000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
3250000
|
Size: |
4096
|
|
1E1D7C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2330619797.000001E1D7C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1D7C61000
|
Size: |
53248
|
|
16AD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.4597808108.00000000016AD000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
16AD000
|
Size: |
4096
|
|
7FF848D53000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2341568353.00007FF848D53000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848D53000
|
Size: |
4096
|
|
1E1C8411000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C8411000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C8411000
|
Size: |
172032
|
|
7FF848E06000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2341793061.00007FF848E06000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848E06000
|
Size: |
24576
|
|
7FF849060000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2344672743.00007FF849060000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF849060000
|
Size: |
65536
|
|
1E1D7D44000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2330619797.000001E1D7D44000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1D7D44000
|
Size: |
1613824
|
|
CD1A035000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309983979.000000CD1A035000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD1A035000
|
Size: |
45056
|
|
15BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4597385016.00000000015BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
15BA000
|
Size: |
131072
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
7FF849010000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2344182831.00007FF849010000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF849010000
|
Size: |
65536
|
|
3260000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598647311.0000000003260000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3260000
|
Size: |
4096
|
|
6A90000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607467098.0000000006A90000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6A90000
|
Size: |
32768
|
|
3290000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598766530.0000000003290000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3290000
|
Size: |
65536
|
|
1E1DFC65000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337510327.000001E1DFC65000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1DFC65000
|
Size: |
983040
|
|
7FF849040000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2344495744.00007FF849040000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF849040000
|
Size: |
65536
|
|
16C6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.4598042588.00000000016C6000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
16C6000
|
Size: |
8192
|
|
CD19A7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309683969.000000CD19A7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD19A7E000
|
Size: |
8192
|
|
1E1C8F49000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310934695.000001E1C8F49000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1C8F49000
|
Size: |
983040
|
|
1E1C7C10000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2310826828.000001E1C7C10000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1E1C7C10000
|
Size: |
4096
|
|
CD1997E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309636368.000000CD1997E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD1997E000
|
Size: |
8192
|
|
1E1C5D62000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310079390.000001E1C5D62000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5D62000
|
Size: |
462848
|
|
1E1E00CB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2340625447.000001E1E00CB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1E00CB000
|
Size: |
241664
|
|
CD199FD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309660142.000000CD199FD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD199FD000
|
Size: |
12288
|
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2343903089.00007FF848FF0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848FF0000
|
Size: |
65536
|
|
6809000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607059972.0000000006809000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6809000
|
Size: |
16384
|
|
66FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607012487.00000000066FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
66FE000
|
Size: |
8192
|
|
1578000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596860038.0000000001578000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1578000
|
Size: |
4096
|
|
1E1DFFC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2340563335.000001E1DFFC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1DFFC0000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
16B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4597831143.00000000016B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
16B0000
|
Size: |
8192
|
|
1E1C5FE0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310579095.000001E1C5FE0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5FE0000
|
Size: |
4096
|
|
CD1A0BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310006093.000000CD1A0BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD1A0BE000
|
Size: |
8192
|
|
1E1DFDF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338916533.000001E1DFDF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1DFDF7000
|
Size: |
12288
|
|
6A4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4607354055.0000000006A4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6A4E000
|
Size: |
8192
|
|
1E1D7C8A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2330619797.000001E1D7C8A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1D7C8A000
|
Size: |
274432
|
|
1557000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596221640.0000000001557000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1557000
|
Size: |
4096
|
|
CD19E3B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309883827.000000CD19E3B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD19E3B000
|
Size: |
20480
|
|
7FF848F60000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2342613129.00007FF848F60000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848F60000
|
Size: |
65536
|
|
CD19F3E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309933341.000000CD19F3E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD19F3E000
|
Size: |
8192
|
|
5AF0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.4606229130.0000000005AF0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
5AF0000
|
Size: |
4096
|
|
7FF848E10000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2341874398.00007FF848E10000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848E10000
|
Size: |
36864
|
|
1E1C5F60000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310535309.000001E1C5F60000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5F60000
|
Size: |
4096
|
|
1E1C5E09000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310079390.000001E1C5E09000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5E09000
|
Size: |
4096
|
|
32A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598859610.00000000032A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
32A0000
|
Size: |
4096
|
|
13F6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596125705.00000000013F6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
13F6000
|
Size: |
12288
|
|
1E1C7C50000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310905070.000001E1C7C50000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C7C50000
|
Size: |
16384
|
|
1E1C5E60000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310474995.000001E1C5E60000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5E60000
|
Size: |
4096
|
|
1E1C6075000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310620130.000001E1C6075000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C6075000
|
Size: |
24576
|
|
14D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596195943.00000000014D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
14D0000
|
Size: |
8192
|
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2343765126.00007FF848FE0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848FE0000
|
Size: |
65536
|
|
1E1D7ED8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2330619797.000001E1D7ED8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1E1D7ED8000
|
Size: |
2392064
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
7FF849030000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2344387470.00007FF849030000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF849030000
|
Size: |
65536
|
|
159B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596860038.000000000159B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
159B000
|
Size: |
81920
|
|
1960000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598454151.0000000001960000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1960000
|
Size: |
20480
|
|
1E1C6095000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310670351.000001E1C6095000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C6095000
|
Size: |
40960
|
|
1E1C6090000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310670351.000001E1C6090000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C6090000
|
Size: |
16384
|
|
16D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598104688.00000000016D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
16D0000
|
Size: |
4096
|
|
1552000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596221640.0000000001552000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1552000
|
Size: |
16384
|
|
1516000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4596221640.0000000001516000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1516000
|
Size: |
4096
|
|
1E1C5E1B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2310079390.000001E1C5E1B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E1C5E1B000
|
Size: |
24576
|
|
CD19DB7000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309860502.000000CD19DB7000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD19DB7000
|
Size: |
36864
|
|
CD19AFB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2309707633.000000CD19AFB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CD19AFB000
|
Size: |
20480
|
|
320E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.4598546007.000000000320E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
320E000
|
Size: |
8192
|
|