19B0A8A8000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000001.00000002.1441536967.0000019B0A8A8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0A8A8000
|
Size: |
2236416
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara signature match |
System Summary |
|
URLs found in memory or binary data |
Networking |
|
|
3051000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000003.00000002.3883270268.0000000003051000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3051000
|
Size: |
208896
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
URLs found in memory or binary data |
Networking |
|
|
19B0AADA000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000001.00000002.1441536967.0000019B0AADA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0AADA000
|
Size: |
204800
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara signature match |
System Summary |
|
|
19B0B50D000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000001.00000002.1441536967.0000019B0B50D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0B50D000
|
Size: |
4345856
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara signature match |
System Summary |
|
|
402000
|
remote allocation
|
page execute and read and write
|
malicious |
|
|
Name: |
00000003.00000002.3880126315.0000000000402000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
402000
|
Size: |
61440
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara signature match |
System Summary |
|
|
5AEE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890739932.0000000005AEE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5AEE000
|
Size: |
8192
|
|
1180000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.0000000001180000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1180000
|
Size: |
24576
|
|
55C3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890423758.00000000055C3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C3000
|
Size: |
8192
|
|
19B08802000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440630822.0000019B08802000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B08802000
|
Size: |
16384
|
|
D9B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880265625.0000000000D9B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
D9B000
|
Size: |
20480
|
|
19B229A0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1472728104.0000019B229A0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
19B229A0000
|
Size: |
20480
|
|
19B22834000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1470005608.0000019B22834000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22834000
|
Size: |
32768
|
|
13B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882189760.00000000013B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
13B0000
|
Size: |
4096
|
|
19B089A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441078776.0000019B089A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B089A0000
|
Size: |
16384
|
|
58E9000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890644669.00000000058E9000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
58E9000
|
Size: |
28672
|
|
1420000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882609747.0000000001420000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1420000
|
Size: |
4096
|
|
13E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882216666.00000000013E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
13E0000
|
Size: |
8192
|
|
19B0B966000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0B966000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0B966000
|
Size: |
978944
|
|
1188000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.0000000001188000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1188000
|
Size: |
139264
|
|
19B0A225000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441283197.0000019B0A225000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B0A225000
|
Size: |
20480
|
|
5D09000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891055422.0000000005D09000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5D09000
|
Size: |
16384
|
|
19B2283D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1470005608.0000019B2283D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B2283D000
|
Size: |
143360
|
|
5E4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891202125.0000000005E4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5E4E000
|
Size: |
8192
|
|
7FFB4B440000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1476458651.00007FFB4B440000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B440000
|
Size: |
4096
|
|
19B227F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1470005608.0000019B227F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B227F0000
|
Size: |
126976
|
|
61CC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891470401.00000000061CC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
61CC000
|
Size: |
16384
|
|
3040000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3883246806.0000000003040000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3040000
|
Size: |
4096
|
|
19B22910000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1472698677.0000019B22910000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
19B22910000
|
Size: |
4096
|
|
114E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880409108.000000000114E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
114E000
|
Size: |
8192
|
|
7FFB4B280000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1474867429.00007FFB4B280000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B280000
|
Size: |
40960
|
|
5CD0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890838895.0000000005CD0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5CD0000
|
Size: |
61440
|
|
600E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891339830.000000000600E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
600E000
|
Size: |
8192
|
|
7FFB4B430000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1476410891.00007FFB4B430000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B430000
|
Size: |
20480
|
|
6411BF7000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440384816.0000006411BF7000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6411BF7000
|
Size: |
36864
|
|
19B0BBE9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0BBE9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0BBE9000
|
Size: |
802816
|
|
1416000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3882549831.0000000001416000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
1416000
|
Size: |
8192
|
|
19B22B64000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1474143006.0000019B22B64000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22B64000
|
Size: |
16384
|
|
1150000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880442071.0000000001150000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1150000
|
Size: |
20480
|
|
7FFB4B500000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1477927924.00007FFB4B500000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B500000
|
Size: |
65536
|
|
19B1A8CD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1462732194.0000019B1A8CD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B1A8CD000
|
Size: |
2392064
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
7FFB4B455000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1476490642.00007FFB4B455000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B455000
|
Size: |
20480
|
|
19B22685000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1468876190.0000019B22685000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22685000
|
Size: |
987136
|
|
57E0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3890611135.00000000057E0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
57E0000
|
Size: |
4096
|
|
19B0A1E0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1441184975.0000019B0A1E0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
19B0A1E0000
|
Size: |
4096
|
|
11BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.00000000011BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11BA000
|
Size: |
180224
|
|
654C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891757972.000000000654C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
654C000
|
Size: |
16384
|
|
19B0B938000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0B938000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0B938000
|
Size: |
4096
|
|
7FFB4B480000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1476949874.00007FFB4B480000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B480000
|
Size: |
65536
|
|
13F4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882318824.00000000013F4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
13F4000
|
Size: |
4096
|
|
19B1A75E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1462732194.0000019B1A75E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B1A75E000
|
Size: |
1462272
|
|
122A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.000000000122A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
122A000
|
Size: |
4096
|
|
576D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890491948.000000000576D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
576D000
|
Size: |
12288
|
|
19B22790000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1470005608.0000019B22790000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22790000
|
Size: |
245760
|
|
5FCE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891308240.0000000005FCE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5FCE000
|
Size: |
8192
|
|
11AB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.00000000011AB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11AB000
|
Size: |
20480
|
|
7FFB4B570000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1478960268.00007FFB4B570000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B570000
|
Size: |
65536
|
|
641158E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440201062.000000641158E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
641158E000
|
Size: |
8192
|
|
19B08877000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440630822.0000019B08877000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B08877000
|
Size: |
4096
|
|
19B0A708000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0A708000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0A708000
|
Size: |
1675264
|
|
19B0A570000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441452798.0000019B0A570000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0A570000
|
Size: |
4096
|
|
64129CF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440565286.00000064129CF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
64129CF000
|
Size: |
4096
|
|
7FFB4B560000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1478732920.00007FFB4B560000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B560000
|
Size: |
65536
|
|
1160000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880530696.0000000001160000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1160000
|
Size: |
8192
|
|
142B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3882664171.000000000142B000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
142B000
|
Size: |
4096
|
|
19B22AFB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1473173284.0000019B22AFB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22AFB000
|
Size: |
16384
|
|
57AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890535108.00000000057AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
57AE000
|
Size: |
8192
|
|
7FFB4B5B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1479890885.00007FFB4B5B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B5B0000
|
Size: |
24576
|
|
6950000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3892016131.0000000006950000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
6950000
|
Size: |
8192
|
|
141A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3882581399.000000000141A000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
141A000
|
Size: |
4096
|
|
6411E7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440484204.0000006411E7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6411E7E000
|
Size: |
8192
|
|
19B08990000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441060591.0000019B08990000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B08990000
|
Size: |
4096
|
|
59EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890706978.00000000059EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
59EE000
|
Size: |
8192
|
|
64115CF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440220339.00000064115CF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
64115CF000
|
Size: |
4096
|
|
630C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891549651.000000000630C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
630C000
|
Size: |
16384
|
|
19B08831000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440630822.0000019B08831000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B08831000
|
Size: |
4096
|
|
6411000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891622308.0000000006411000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6411000
|
Size: |
94208
|
|
10F7000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880314689.00000000010F7000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
10F7000
|
Size: |
36864
|
|
7FFB4B270000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1474491296.00007FFB4B270000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B270000
|
Size: |
4096
|
|
19B0A180000
|
heap
|
page readonly
|
|
|
|
Name: |
00000001.00000002.1441138070.0000019B0A180000.00000002.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page readonly
|
Base address: |
19B0A180000
|
Size: |
4096
|
|
6905000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891830040.0000000006905000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6905000
|
Size: |
36864
|
|
2FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3883023068.0000000002FF0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FF0000
|
Size: |
65536
|
|
1100000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880377000.0000000001100000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1100000
|
Size: |
4096
|
|
1427000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3882638368.0000000001427000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
1427000
|
Size: |
4096
|
|
34B1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3883270268.00000000034B1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
34B1000
|
Size: |
913408
|
|
62CD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891518006.00000000062CD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
62CD000
|
Size: |
12288
|
|
19B0B93A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0B93A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0B93A000
|
Size: |
172032
|
|
19B089A5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441078776.0000019B089A5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B089A5000
|
Size: |
40960
|
|
5CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890939673.0000000005CE0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5CE0000
|
Size: |
32768
|
|
1248000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.0000000001248000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1248000
|
Size: |
4096
|
|
19B0AB0D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0AB0D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0AB0D000
|
Size: |
10485760
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
11EB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.00000000011EB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11EB000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
19B0880D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440630822.0000019B0880D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B0880D000
|
Size: |
114688
|
|
19B08788000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440630822.0000019B08788000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B08788000
|
Size: |
36864
|
|
4059000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890156554.0000000004059000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4059000
|
Size: |
4096
|
|
19B0BCB3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0BCB3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0BCB3000
|
Size: |
10485760
|
|
12BC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882051787.00000000012BC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
12BC000
|
Size: |
16384
|
|
19B0884B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440630822.0000019B0884B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B0884B000
|
Size: |
40960
|
|
19B08839000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440630822.0000019B08839000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B08839000
|
Size: |
12288
|
|
7FFB4B460000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1476678104.00007FFB4B460000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B460000
|
Size: |
12288
|
|
19B22900000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1472399496.0000019B22900000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
19B22900000
|
Size: |
65536
|
|
641197C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440281007.000000641197C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
641197C000
|
Size: |
16384
|
|
148E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882706003.000000000148E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
148E000
|
Size: |
8192
|
|
7FFB4B470000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1476766055.00007FFB4B470000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B470000
|
Size: |
65536
|
|
1410000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882498984.0000000001410000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1410000
|
Size: |
4096
|
|
7FFB4B32C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1475293399.00007FFB4B32C000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B32C000
|
Size: |
12288
|
|
5F4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891232439.0000000005F4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5F4E000
|
Size: |
8192
|
|
19B0A670000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441510820.0000019B0A670000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B0A670000
|
Size: |
4096
|
|
618D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891434526.000000000618D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
618D000
|
Size: |
12288
|
|
19B2287B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1471763789.0000019B2287B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B2287B000
|
Size: |
81920
|
|
7FFB4B326000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1475193163.00007FFB4B326000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B326000
|
Size: |
24576
|
|
7FFB4B4F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1477797514.00007FFB4B4F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B4F0000
|
Size: |
65536
|
|
7FFB4B320000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1475110587.00007FFB4B320000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B320000
|
Size: |
8192
|
|
6411B7D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440362279.0000006411B7D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6411B7D000
|
Size: |
12288
|
|
7FFB4B490000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1477053662.00007FFB4B490000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B490000
|
Size: |
65536
|
|
19B0A681000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0A681000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0A681000
|
Size: |
540672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
19B0AAD2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0AAD2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0AAD2000
|
Size: |
4096
|
|
7FFB4B274000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1474675295.00007FFB4B274000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B274000
|
Size: |
36864
|
|
3010000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3883147069.0000000003010000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3010000
|
Size: |
65536
|
|
19B1A681000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1462732194.0000019B1A681000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B1A681000
|
Size: |
53248
|
|
1230000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.0000000001230000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1230000
|
Size: |
4096
|
|
6411EFB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440507653.0000006411EFB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6411EFB000
|
Size: |
20480
|
|
19B1A690000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1462732194.0000019B1A690000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B1A690000
|
Size: |
69632
|
|
7FFB4B4C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1477425397.00007FFB4B4C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B4C0000
|
Size: |
65536
|
|
6411D78000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440447111.0000006411D78000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6411D78000
|
Size: |
32768
|
|
7FFB4B42A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1476242523.00007FFB4B42A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B42A000
|
Size: |
24576
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3880126315.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
400000
|
Size: |
4096
|
|
19B088A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440998382.0000019B088A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B088A0000
|
Size: |
4096
|
|
19B0A190000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441156851.0000019B0A190000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0A190000
|
Size: |
65536
|
|
604F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891372047.000000000604F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
604F000
|
Size: |
4096
|
|
124D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.000000000124D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
124D000
|
Size: |
8192
|
|
664E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891799165.000000000664E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
664E000
|
Size: |
8192
|
|
19B0A5A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441452798.0000019B0A5A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0A5A0000
|
Size: |
20480
|
|
1412000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882524274.0000000001412000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1412000
|
Size: |
4096
|
|
1440000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882684462.0000000001440000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1440000
|
Size: |
4096
|
|
7FFB4B27D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1474749219.00007FFB4B27D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B27D000
|
Size: |
12288
|
|
19B22B52000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1474081245.0000019B22B52000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22B52000
|
Size: |
20480
|
|
19B0882B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440630822.0000019B0882B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B0882B000
|
Size: |
4096
|
|
19B22B58000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1474143006.0000019B22B58000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22B58000
|
Size: |
45056
|
|
7FFB4B28B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1474867429.00007FFB4B28B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B28B000
|
Size: |
8192
|
|
7FFB4B590000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1479479866.00007FFB4B590000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B590000
|
Size: |
12288
|
|
7FFB4B410000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1476038421.00007FFB4B410000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B410000
|
Size: |
65536
|
|
19B0BA56000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0BA56000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0BA56000
|
Size: |
1638400
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
7FFB4B530000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1478301632.00007FFB4B530000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B530000
|
Size: |
65536
|
|
7FFB4B5A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1479542139.00007FFB4B5A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B5A0000
|
Size: |
65536
|
|
12D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882099525.00000000012D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12D0000
|
Size: |
16384
|
|
19B22B69000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1474143006.0000019B22B69000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22B69000
|
Size: |
8192
|
|
19B22B05000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1473173284.0000019B22B05000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22B05000
|
Size: |
262144
|
|
558E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890385900.000000000558E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
558E000
|
Size: |
8192
|
|
518E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890277464.000000000518E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
518E000
|
Size: |
8192
|
|
19B0887D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440630822.0000019B0887D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B0887D000
|
Size: |
8192
|
|
7FFB4B5D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1480110360.00007FFB4B5D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B5D0000
|
Size: |
49152
|
|
5CF1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891011981.0000000005CF1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5CF1000
|
Size: |
16384
|
|
11B7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.00000000011B7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11B7000
|
Size: |
4096
|
|
6411F7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440526903.0000006411F7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6411F7E000
|
Size: |
8192
|
|
19B22AF2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1473173284.0000019B22AF2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22AF2000
|
Size: |
32768
|
|
5C2E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890807374.0000000005C2E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5C2E000
|
Size: |
8192
|
|
55C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890423758.00000000055C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55C0000
|
Size: |
4096
|
|
19B08880000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440975355.0000019B08880000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B08880000
|
Size: |
16384
|
|
19B0A220000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441283197.0000019B0A220000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B0A220000
|
Size: |
12288
|
|
7FFB4B272000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1474491296.00007FFB4B272000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B272000
|
Size: |
4096
|
|
550E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890309220.000000000550E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
550E000
|
Size: |
8192
|
|
7FFB4B4E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1477684260.00007FFB4B4E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B4E0000
|
Size: |
65536
|
|
6411C76000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440403298.0000006411C76000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6411C76000
|
Size: |
40960
|
|
19B22B73000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1474143006.0000019B22B73000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22B73000
|
Size: |
32768
|
|
6910000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891963863.0000000006910000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6910000
|
Size: |
4096
|
|
12D6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882099525.00000000012D6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12D6000
|
Size: |
12288
|
|
7FFB4B540000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1478405590.00007FFB4B540000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B540000
|
Size: |
65536
|
|
19B086A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440599125.0000019B086A0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B086A0000
|
Size: |
4096
|
|
2F58000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882993290.0000000002F58000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2F58000
|
Size: |
8192
|
|
6411AFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440343119.0000006411AFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6411AFE000
|
Size: |
8192
|
|
13F3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3882286605.00000000013F3000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
13F3000
|
Size: |
4096
|
|
19B088E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441018418.0000019B088E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B088E0000
|
Size: |
4096
|
|
19B08780000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440630822.0000019B08780000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B08780000
|
Size: |
28672
|
|
19B22811000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1470005608.0000019B22811000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22811000
|
Size: |
4096
|
|
13FD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3882345636.00000000013FD000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
13FD000
|
Size: |
4096
|
|
11E8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.00000000011E8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11E8000
|
Size: |
8192
|
|
6411A7F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440324910.0000006411A7F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6411A7F000
|
Size: |
4096
|
|
641187D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440238614.000000641187D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
641187D000
|
Size: |
12288
|
|
7FFB4B4B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1477291443.00007FFB4B4B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B4B0000
|
Size: |
65536
|
|
19B08792000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440630822.0000019B08792000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B08792000
|
Size: |
454656
|
|
5D06000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891055422.0000000005D06000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5D06000
|
Size: |
4096
|
|
15AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882903847.00000000015AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
15AE000
|
Size: |
8192
|
|
554C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890341274.000000000554C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
554C000
|
Size: |
16384
|
|
2F4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882965510.0000000002F4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F4E000
|
Size: |
8192
|
|
19B0AACE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0AACE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0AACE000
|
Size: |
12288
|
|
5F8D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891266600.0000000005F8D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5F8D000
|
Size: |
12288
|
|
7FFB4B273000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1474631175.00007FFB4B273000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B273000
|
Size: |
4096
|
|
19B227EB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1470005608.0000019B227EB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B227EB000
|
Size: |
8192
|
|
19B227CD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1470005608.0000019B227CD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B227CD000
|
Size: |
114688
|
|
7FFB4B5C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1480007642.00007FFB4B5C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B5C0000
|
Size: |
24576
|
|
1403000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882379156.0000000001403000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1403000
|
Size: |
40960
|
|
641150E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440180822.000000641150E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
641150E000
|
Size: |
8192
|
|
19B0BCAF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0BCAF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0BCAF000
|
Size: |
8192
|
|
7FFB4B4A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1477171937.00007FFB4B4A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B4A0000
|
Size: |
65536
|
|
1255000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.0000000001255000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1255000
|
Size: |
151552
|
|
64118FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440258425.00000064118FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
64118FE000
|
Size: |
8192
|
|
6411FFB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440545986.0000006411FFB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6411FFB000
|
Size: |
20480
|
|
7FFB4B356000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1475491344.00007FFB4B356000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B356000
|
Size: |
69632
|
|
1250000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.0000000001250000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1250000
|
Size: |
16384
|
|
1400000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882379156.0000000001400000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1400000
|
Size: |
8192
|
|
6411DFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440464940.0000006411DFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6411DFE000
|
Size: |
8192
|
|
19B22B00000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1473173284.0000019B22B00000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22B00000
|
Size: |
16384
|
|
64119FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440304031.00000064119FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
64119FE000
|
Size: |
8192
|
|
4051000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890156554.0000000004051000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4051000
|
Size: |
20480
|
|
124B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.000000000124B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
124B000
|
Size: |
4096
|
|
7FFB4B421000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1476242523.00007FFB4B421000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B421000
|
Size: |
32768
|
|
14A7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882828362.00000000014A7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
14A7000
|
Size: |
8192
|
|
7FFB4B580000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1479062806.00007FFB4B580000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B580000
|
Size: |
65536
|
|
19B08835000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440630822.0000019B08835000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B08835000
|
Size: |
12288
|
|
11ED000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.00000000011ED000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11ED000
|
Size: |
4096
|
|
68E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891830040.00000000068E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
68E0000
|
Size: |
4096
|
|
7FFB4B4D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1477529996.00007FFB4B4D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B4D0000
|
Size: |
65536
|
|
19B08930000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441038162.0000019B08930000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B08930000
|
Size: |
4096
|
|
5D00000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891055422.0000000005D00000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5D00000
|
Size: |
16384
|
|
508C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890233850.000000000508C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
508C000
|
Size: |
16384
|
|
19B08879000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440630822.0000019B08879000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B08879000
|
Size: |
8192
|
|
6412A4B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440583410.0000006412A4B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6412A4B000
|
Size: |
20480
|
|
6920000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891992835.0000000006920000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6920000
|
Size: |
4096
|
|
7FFB4B452000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1476490642.00007FFB4B452000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B452000
|
Size: |
8192
|
|
19B0C6B3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0C6B3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0C6B3000
|
Size: |
643072
|
|
1490000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3882735121.0000000001490000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
1490000
|
Size: |
65536
|
|
7FFB4B5E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1480314544.00007FFB4B5E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B5E0000
|
Size: |
4096
|
|
640E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891593544.000000000640E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
640E000
|
Size: |
8192
|
|
19B0AAD6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0AAD6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0AAD6000
|
Size: |
12288
|
|
19B1A6AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1462732194.0000019B1A6AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B1A6AA000
|
Size: |
278528
|
|
7DF411CD0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1474452456.00007DF411CD0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7DF411CD0000
|
Size: |
4096
|
|
19B22AB0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1472973255.0000019B22AB0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22AB0000
|
Size: |
20480
|
|
57C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890566558.00000000057C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57C0000
|
Size: |
4096
|
|
7FFB4B510000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1478036001.00007FFB4B510000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B510000
|
Size: |
65536
|
|
19B0A170000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441116588.0000019B0A170000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0A170000
|
Size: |
12288
|
|
14A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882828362.00000000014A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
14A0000
|
Size: |
16384
|
|
5D10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891171717.0000000005D10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D10000
|
Size: |
8192
|
|
7FFB4B550000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1478569177.00007FFB4B550000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B550000
|
Size: |
65536
|
|
68D4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891830040.00000000068D4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
68D4000
|
Size: |
4096
|
|
5B2E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3890774611.0000000005B2E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5B2E000
|
Size: |
8192
|
|
3085000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3883270268.0000000003085000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3085000
|
Size: |
4370432
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
13F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882253033.00000000013F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
13F0000
|
Size: |
4096
|
|
16AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3882934425.00000000016AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
16AE000
|
Size: |
8192
|
|
608E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3891399775.000000000608E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
608E000
|
Size: |
8192
|
|
7FFB4B520000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1478179792.00007FFB4B520000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B520000
|
Size: |
65536
|
|
19B0A200000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1441250821.0000019B0A200000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
19B0A200000
|
Size: |
4096
|
|
6411CF9000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440426472.0000006411CF9000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6411CF9000
|
Size: |
28672
|
|
7FFB4B330000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1475358963.00007FFB4B330000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B330000
|
Size: |
36864
|
|
19B1A6F2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1462732194.0000019B1A6F2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B1A6F2000
|
Size: |
385024
|
|
7FFB4B45B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1476490642.00007FFB4B45B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B45B000
|
Size: |
20480
|
|
19B229A7000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1472728104.0000019B229A7000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
19B229A7000
|
Size: |
4096
|
|
3000000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.3883119994.0000000003000000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
3000000
|
Size: |
4096
|
|
19B229D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1472879975.0000019B229D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B229D0000
|
Size: |
16384
|
|
6411485000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1440159511.0000006411485000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6411485000
|
Size: |
45056
|
|
127B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.000000000127B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
127B000
|
Size: |
16384
|
|
7FFB4B390000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1475679368.00007FFB4B390000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B390000
|
Size: |
94208
|
|
19B22813000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1470005608.0000019B22813000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
19B22813000
|
Size: |
131072
|
|
19B0AACB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1441536967.0000019B0AACB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
19B0AACB000
|
Size: |
8192
|
|
1157000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880442071.0000000001157000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1157000
|
Size: |
12288
|
|
11F3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.3880564789.00000000011F3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11F3000
|
Size: |
221184
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|