702000
|
unkown
|
page readonly
|
malicious |
|
|
Name: |
00000000.00000000.1473205923.0000000000702000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
702000
|
Size: |
61440
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
Yara signature match |
System Summary |
|
|
29B1000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000000.00000002.3917779870.00000000029B1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
29B1000
|
Size: |
6656000
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
URLs found in memory or binary data |
Networking |
|
|
1B4D0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.3919101953.000000001B4D0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1B4D0000
|
Size: |
4096
|
|
1B7DD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919170419.000000001B7DD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B7DD000
|
Size: |
12288
|
|
C37000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917066873.0000000000C37000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
C37000
|
Size: |
4096
|
|
7FFAAC0A3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919706385.00007FFAAC0A3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC0A3000
|
Size: |
40960
|
|
1090000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.3917615397.0000000001090000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1090000
|
Size: |
4096
|
|
7B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3916900883.00000000007B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7B0000
|
Size: |
4096
|
|
1B5DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919122796.000000001B5DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B5DE000
|
Size: |
8192
|
|
7FFAAC0B4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919772659.00007FFAAC0B4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC0B4000
|
Size: |
4096
|
|
B40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917024917.0000000000B40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B40000
|
Size: |
8192
|
|
7FFB1E4D2000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.3920145952.00007FFB1E4D2000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7FFB1E4D2000
|
Size: |
8192
|
|
1B37A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3918998331.000000001B37A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B37A000
|
Size: |
24576
|
|
7FFAAC176000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.3919909796.00007FFAAC176000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFAAC176000
|
Size: |
4096
|
|
129BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3918814581.00000000129BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
129BE000
|
Size: |
4096
|
|
7FFAAC150000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.3919891987.00007FFAAC150000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFAAC150000
|
Size: |
4096
|
|
1AF3C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3918970144.000000001AF3C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1AF3C000
|
Size: |
16384
|
|
7FFAAC1B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.3919929756.00007FFAAC1B0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFAAC1B0000
|
Size: |
49152
|
|
1B4A4000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919073645.000000001B4A4000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B4A4000
|
Size: |
49152
|
|
7A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3916868409.00000000007A0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7A0000
|
Size: |
4096
|
|
B9E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917066873.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B9E000
|
Size: |
4096
|
|
7FFAAC140000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919831632.00007FFAAC140000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC140000
|
Size: |
4096
|
|
1B825000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919194118.000000001B825000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B825000
|
Size: |
32768
|
|
1BEFC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919532766.000000001BEFC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BEFC000
|
Size: |
16384
|
|
7FFAAC0A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919688483.00007FFAAC0A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC0A0000
|
Size: |
4096
|
|
7FFB1E4B1000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000002.3920056181.00007FFB1E4B1000.00000020.00000001.01000000.00000006.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
7FFB1E4B1000
|
Size: |
86016
|
|
B6C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917066873.0000000000B6C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B6C000
|
Size: |
139264
|
|
129B1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3918814581.00000000129B1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
129B1000
|
Size: |
24576
|
|
29AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917761420.00000000029AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
29AE000
|
Size: |
8192
|
|
1B3A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919025136.000000001B3A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B3A0000
|
Size: |
8192
|
|
7FFAAC14C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.3919875121.00007FFAAC14C000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFAAC14C000
|
Size: |
4096
|
|
C21000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917066873.0000000000C21000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
C21000
|
Size: |
4096
|
|
129B8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3918814581.00000000129B8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
129B8000
|
Size: |
12288
|
|
1BCFD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919482929.000000001BCFD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BCFD000
|
Size: |
12288
|
|
1105000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917646622.0000000001105000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1105000
|
Size: |
24576
|
|
7FFB1E4D0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3920125931.00007FFB1E4D0000.00000004.00000001.01000000.00000006.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7FFB1E4D0000
|
Size: |
8192
|
|
7FFAAC09D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.3919668460.00007FFAAC09D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFAAC09D000
|
Size: |
12288
|
|
1B7E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919194118.000000001B7E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B7E0000
|
Size: |
53248
|
|
7FFAAC090000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919607376.00007FFAAC090000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC090000
|
Size: |
4096
|
|
B00000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917004446.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B00000
|
Size: |
4096
|
|
7FFAAC0AD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.3919732734.00007FFAAC0AD000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFAAC0AD000
|
Size: |
8192
|
|
1AD34000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3918921628.000000001AD34000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1AD34000
|
Size: |
4096
|
|
EC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917517590.0000000000EC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
EC0000
|
Size: |
4096
|
|
E30000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917466697.0000000000E30000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
E30000
|
Size: |
4096
|
|
BCC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917066873.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BCC000
|
Size: |
20480
|
|
7FFAAC241000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919988394.00007FFAAC241000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC241000
|
Size: |
4096
|
|
C39000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917066873.0000000000C39000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
C39000
|
Size: |
155648
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
7FFB1E4C6000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.3920097349.00007FFB1E4C6000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7FFB1E4C6000
|
Size: |
40960
|
|
7FFAAC0BD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.3919793493.00007FFAAC0BD000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFAAC0BD000
|
Size: |
4096
|
|
7FFAAC146000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919852196.00007FFAAC146000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC146000
|
Size: |
4096
|
|
7FFAAC232000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919963341.00007FFAAC232000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC232000
|
Size: |
36864
|
|
1B3A3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919025136.000000001B3A3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B3A3000
|
Size: |
12288
|
|
1B9F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919439723.000000001B9F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B9F0000
|
Size: |
12288
|
|
1BBFF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919461661.000000001BBFF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BBFF000
|
Size: |
4096
|
|
10DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917631672.00000000010DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
10DE000
|
Size: |
8192
|
|
1B821000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919194118.000000001B821000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B821000
|
Size: |
8192
|
|
1BDFA000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919508059.000000001BDFA000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BDFA000
|
Size: |
24576
|
|
7FFB1E4B0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.3920032430.00007FFB1E4B0000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7FFB1E4B0000
|
Size: |
4096
|
|
1A9E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3918888803.000000001A9E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1A9E0000
|
Size: |
4096
|
|
1B6DC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919145272.000000001B6DC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B6DC000
|
Size: |
16384
|
|
F05000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917549317.0000000000F05000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F05000
|
Size: |
20480
|
|
7FFAAC093000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.3919626445.00007FFAAC093000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFAAC093000
|
Size: |
4096
|
|
7FFAAC0B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919752780.00007FFAAC0B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC0B0000
|
Size: |
4096
|
|
1B819000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919194118.000000001B819000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B819000
|
Size: |
28672
|
|
AF4000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3916979648.0000000000AF4000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
AF4000
|
Size: |
49152
|
|
7FFB1E4D5000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.3920145952.00007FFB1E4D5000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7FFB1E4D5000
|
Size: |
4096
|
|
E43000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917482965.0000000000E43000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
E43000
|
Size: |
53248
|
|
100D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917580601.000000000100D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
100D000
|
Size: |
12288
|
|
B60000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917066873.0000000000B60000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B60000
|
Size: |
45056
|
|
C25000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917066873.0000000000C25000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
C25000
|
Size: |
69632
|
|
7FF4DA9B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.3919587924.00007FF4DA9B0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF4DA9B0000
|
Size: |
4096
|
|
700000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.3916824971.0000000000700000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
700000
|
Size: |
4096
|
|
106F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917597841.000000000106F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
106F000
|
Size: |
4096
|
|
E2C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917447005.0000000000E2C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
E2C000
|
Size: |
16384
|
|
1100000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917646622.0000000001100000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1100000
|
Size: |
12288
|
|
BA0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917066873.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BA0000
|
Size: |
4096
|
|
E40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917482965.0000000000E40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
E40000
|
Size: |
8192
|
|
1B803000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919194118.000000001B803000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B803000
|
Size: |
40960
|
|
1B82E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919194118.000000001B82E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B82E000
|
Size: |
90112
|
|
F00000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917549317.0000000000F00000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F00000
|
Size: |
12288
|
|
B8F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917066873.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B8F000
|
Size: |
57344
|
|
1C1FC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919562325.000000001C1FC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1C1FC000
|
Size: |
16384
|
|
700000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1473179445.0000000000700000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
700000
|
Size: |
4096
|
|
BD2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917066873.0000000000BD2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BD2000
|
Size: |
315392
|
|
BA2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917066873.0000000000BA2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BA2000
|
Size: |
20480
|
|
7FFAAC0EC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.3919812583.00007FFAAC0EC000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFAAC0EC000
|
Size: |
8192
|
|
7D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3916929426.00000000007D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7D0000
|
Size: |
12288
|
|
1B7EE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919194118.000000001B7EE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B7EE000
|
Size: |
81920
|
|
ED0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3917532149.0000000000ED0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
ED0000
|
Size: |
4096
|
|
7FFAAC094000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919644096.00007FFAAC094000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFAAC094000
|
Size: |
8192
|
|
1B80E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.3919194118.000000001B80E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B80E000
|
Size: |
40960
|
|