|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2169731218.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178272907.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
449C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236276084.000000000449C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
449C000
|
| Size: |
4096
|
|
|
4020000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.0000000004020000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4020000
|
| Size: |
4096
|
|
|
4517000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205887826.0000000004517000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4517000
|
| Size: |
20480
|
|
|
9D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3231738984.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D0000
|
| Size: |
8192
|
|
|
4546000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236532106.0000000004546000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4546000
|
| Size: |
36864
|
|
|
486D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223547498.000000000486D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
486D000
|
| Size: |
77824
|
|
|
478F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236764691.000000000478F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
478F000
|
| Size: |
4096
|
|
|
48F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.00000000048F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48F5000
|
| Size: |
1634304
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
D4A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232061437.0000000000D4A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D4A000
|
| Size: |
28672
|
|
|
DAD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156311504.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DAD000
|
| Size: |
57344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1979586637.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157309506.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
4096
|
|
|
13C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156068167.00000000013C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C0000
|
| Size: |
12288
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2109431356.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
5CBB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2204570163.0000000005CBB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5CBB000
|
| Size: |
253952
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
16B5E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153968481.0000000016B5E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
16B5E000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980680547.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
A76000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3231819875.0000000000A76000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A76000
|
| Size: |
8192
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2203226529.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
24576
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2166360699.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2171000680.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159106004.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
3A47000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210177942.0000000003A47000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A47000
|
| Size: |
32768
|
|
|
26AC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2151363790.00000000026AC000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
26AC000
|
| Size: |
8192
|
|
|
486C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223482362.000000000486C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
486C000
|
| Size: |
81920
|
|
|
164D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119287758.00000000164D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
164D0000
|
| Size: |
561152
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176628540.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2147230392.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
E20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151017908.0000000000E20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E20000
|
| Size: |
552960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4836000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222381154.0000000004836000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4836000
|
| Size: |
40960
|
|
|
DCC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2164815960.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DCC000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2168133664.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
17EFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213504009.0000000017EFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17EFE000
|
| Size: |
8192
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980720250.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
449E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221334049.000000000449E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
449E000
|
| Size: |
8192
|
|
|
4517000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205540463.0000000004517000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4517000
|
| Size: |
16384
|
|
|
16C25000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2149429507.0000000016C25000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16C25000
|
| Size: |
102400
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2206908855.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
8192
|
|
|
8E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2150917479.00000000008E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8E0000
|
| Size: |
16384
|
|
|
7FC54000
|
trusted library allocation
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3238902698.000000007FC54000.00000020.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute read
|
| Base address: |
7FC54000
|
| Size: |
4096
|
|
|
53BD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.00000000053BD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53BD000
|
| Size: |
4096
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161083101.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
3F72000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003F72000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F72000
|
| Size: |
4096
|
|
|
DAA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156345507.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DAA000
|
| Size: |
12288
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175324928.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
481D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.000000000481D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
481D000
|
| Size: |
8192
|
|
|
AFE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000AFE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AFE6000
|
| Size: |
45056
|
|
|
4859000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236910352.0000000004859000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4859000
|
| Size: |
16384
|
|
|
172FD000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146706183.00000000172FD000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
172FD000
|
| Size: |
12288
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2173060555.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2203310473.0000000004507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
20480
|
|
|
13C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2128759971.00000000013C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C0000
|
| Size: |
36864
|
|
|
16A94000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2211693755.0000000016A94000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16A94000
|
| Size: |
438272
|
|
|
3FC8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003FC8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FC8000
|
| Size: |
4096
|
|
|
16A88000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2211693755.0000000016A88000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16A88000
|
| Size: |
40960
|
|
|
3100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2114634092.0000000003100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3100000
|
| Size: |
16384
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2158906571.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
6CB7A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.2146978536.000000006CB7A000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6CB7A000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
485E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236910352.000000000485E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
485E000
|
| Size: |
8192
|
|
|
D20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155544058.0000000000D20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D20000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2147438655.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
D7E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2157124892.0000000000D7E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D7E000
|
| Size: |
4096
|
|
|
4BE5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004BE5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BE5000
|
| Size: |
12288
|
|
|
4800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4800000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1674D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119432959.000000001674D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1674D000
|
| Size: |
12288
|
|
|
50EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.00000000050EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50EE000
|
| Size: |
1642496
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1657D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2211272169.000000001657D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1657D000
|
| Size: |
12288
|
|
|
3FC4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003FC4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FC4000
|
| Size: |
4096
|
|
|
4BB3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004BB3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BB3000
|
| Size: |
135168
|
|
|
E27000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232061437.0000000000E27000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E27000
|
| Size: |
98304
|
|
|
86EF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238159187.00000000086EF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
86EF000
|
| Size: |
4096
|
|
|
16BAE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119625847.0000000016BAE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
16BAE000
|
| Size: |
8192
|
|
|
483A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222548967.000000000483A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
483A000
|
| Size: |
24576
|
|
|
7D8D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237794696.0000000007D8D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D8D000
|
| Size: |
12288
|
|
|
AF56000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000AF56000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AF56000
|
| Size: |
12288
|
|
|
4896000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237227968.0000000004896000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4896000
|
| Size: |
4096
|
|
|
D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155613686.0000000000D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D8E000
|
| Size: |
8192
|
|
|
1814D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213592345.000000001814D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1814D000
|
| Size: |
12288
|
|
|
482D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221978815.000000000482D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
482D000
|
| Size: |
77824
|
|
|
7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2211645246.0000000007F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F80000
|
| Size: |
12288
|
|
|
433F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236137566.000000000433F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
433F000
|
| Size: |
4096
|
|
|
1681D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119504756.000000001681D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1681D000
|
| Size: |
12288
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159535193.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2122131126.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
D79000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2157023070.0000000000D79000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D79000
|
| Size: |
24576
|
|
|
15E1D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2210525938.0000000015E1D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15E1D000
|
| Size: |
12288
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1979890580.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2167977635.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
86C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116620294.000000000086C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
86C000
|
| Size: |
16384
|
|
|
4507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2203660135.0000000004507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2170197958.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
7F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237956015.0000000007F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F90000
|
| Size: |
16384
|
|
|
2EDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232692120.0000000002EDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EDE000
|
| Size: |
8192
|
|
|
3F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F7E000
|
| Size: |
20480
|
|
|
3F50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234716735.0000000003F50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F50000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2164511936.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
F26000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2161134006.0000000000F26000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F26000
|
| Size: |
8192
|
|
|
2E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2129939167.0000000002E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E1E000
|
| Size: |
8192
|
|
|
4516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205578638.0000000004516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4516000
|
| Size: |
20480
|
|
|
DAB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156531606.0000000000DAB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DAB000
|
| Size: |
8192
|
|
|
16B1D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119592893.0000000016B1D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
16B1D000
|
| Size: |
12288
|
|
|
6CB90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.2156918344.000000006CB90000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6CB90000
|
| Size: |
122880
|
|
|
4010000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695642117.0000000004010000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4010000
|
| Size: |
16384
|
|
|
16440000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153534805.0000000016440000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16440000
|
| Size: |
557056
|
|
|
2EEA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2143319417.0000000002EEA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2EEA000
|
| Size: |
12288
|
|
|
2BD1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2158550170.0000000002BD1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BD1000
|
| Size: |
65536
|
|
|
3633000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2203617638.0000000003633000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3633000
|
| Size: |
32768
|
|
|
4507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205927145.0000000004507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
20480
|
|
|
1818E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213622936.000000001818E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1818E000
|
| Size: |
8192
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155807612.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
364544
|
|
|
2660000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2151363790.0000000002660000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2660000
|
| Size: |
4096
|
|
|
4514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204171460.0000000004514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4514000
|
| Size: |
28672
|
|
|
DA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2150979878.0000000000DA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DA0000
|
| Size: |
16384
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2166983921.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
B1A8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000B1A8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B1A8000
|
| Size: |
20480
|
|
|
53D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.00000000053D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53D2000
|
| Size: |
8192
|
|
|
DC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165869956.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC0000
|
| Size: |
4096
|
|
|
4866000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223129080.0000000004866000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4866000
|
| Size: |
106496
|
|
|
16ACD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119575852.0000000016ACD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16ACD000
|
| Size: |
12288
|
|
|
449F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236301953.000000000449F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
449F000
|
| Size: |
4096
|
|
|
D75000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2161002285.0000000000D75000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D75000
|
| Size: |
4096
|
|
|
2BD1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2158782365.0000000002BD1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BD1000
|
| Size: |
237568
|
|
|
4FFB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144334913.0000000004FFB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FFB000
|
| Size: |
20480
|
|
|
26BA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2151363790.00000000026BA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
26BA000
|
| Size: |
8192
|
|
|
44A9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236323368.00000000044A9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
44A9000
|
| Size: |
98304
|
|
|
4509000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2203660135.0000000004509000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4509000
|
| Size: |
12288
|
|
|
4840000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236910352.0000000004840000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
81920
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176117576.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
404E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695864364.000000000404E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
404E000
|
| Size: |
8192
|
|
|
4857000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004857000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4857000
|
| Size: |
73728
|
|
|
25BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151268303.00000000025BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
25BE000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1981027418.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4822000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004822000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4822000
|
| Size: |
4096
|
|
|
4514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204013100.0000000004514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4514000
|
| Size: |
28672
|
|
|
4BD5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004BD5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BD5000
|
| Size: |
4096
|
|
|
486A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.000000000486A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
486A000
|
| Size: |
380928
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4855000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236910352.0000000004855000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4855000
|
| Size: |
4096
|
|
|
4864000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223018931.0000000004864000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4864000
|
| Size: |
114688
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159133850.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
D78000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165869956.0000000000D78000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D78000
|
| Size: |
24576
|
|
|
7FD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238011393.0000000007FD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7FD0000
|
| Size: |
4096
|
|
|
C40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155519295.0000000000C40000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
4096
|
|
|
6F5AA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000002.2215225613.000000006F5AA000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6F5AA000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1981066641.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4870000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223714656.0000000004870000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4870000
|
| Size: |
65536
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2173683501.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
5061000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.0000000005061000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5061000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
DCD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2164757838.0000000000DCD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DCD000
|
| Size: |
323584
|
|
|
1703E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146645961.000000001703E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1703E000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2167728349.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
3A33000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.0000000003A33000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A33000
|
| Size: |
12288
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1979915921.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2170363585.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159601149.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
8192
|
|
|
3A47000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2209679271.0000000003A47000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A47000
|
| Size: |
32768
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161534563.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2160352896.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
8192
|
|
|
423F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236103306.000000000423F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
423F000
|
| Size: |
4096
|
|
|
4507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2207215115.0000000004507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
20480
|
|
|
EFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157329810.0000000000EFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EFE000
|
| Size: |
8192
|
|
|
2EB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2143319417.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2EB0000
|
| Size: |
4096
|
|
|
35E2000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2203617638.00000000035E2000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
35E2000
|
| Size: |
86016
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160969888.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
4888000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237113176.0000000004888000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4888000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175756944.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
1738E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146735841.000000001738E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1738E000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176479989.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
DBC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232061437.0000000000DBC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DBC000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2167942210.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
13FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2128759971.00000000013FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13FC000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
171FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119747067.00000000171FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
171FD000
|
| Size: |
12288
|
|
|
486E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223584158.000000000486E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
486E000
|
| Size: |
73728
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2109359136.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
117E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155899443.000000000117E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
117E000
|
| Size: |
20480
|
|
|
39F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.00000000039F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39F1000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177891861.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4800000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
D7A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232061437.0000000000D7A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D7A000
|
| Size: |
118784
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
AD81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000AD81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AD81000
|
| Size: |
69632
|
|
|
2F4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2114584008.0000000002F4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F4F000
|
| Size: |
4096
|
|
|
D95000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2157068773.0000000000D95000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D95000
|
| Size: |
4096
|
|
|
1667E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2211315965.000000001667E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1667E000
|
| Size: |
8192
|
|
|
D81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156845566.0000000000D81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D81000
|
| Size: |
65536
|
|
|
4823000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221413207.0000000004823000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4823000
|
| Size: |
118784
|
|
|
5284000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.0000000005284000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5284000
|
| Size: |
4096
|
|
|
15800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2209911580.0000000015800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
15800000
|
| Size: |
4571136
|
|
|
3F1C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234671906.0000000003F1C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3F1C000
|
| Size: |
16384
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2164750140.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
48EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.00000000048EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48EE000
|
| Size: |
24576
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2154774033.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
880000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2150896800.0000000000880000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
880000
|
| Size: |
4096
|
|
|
3A47000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.0000000003A47000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A47000
|
| Size: |
32768
|
|
|
8E6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2150917479.00000000008E6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8E6000
|
| Size: |
8192
|
|
|
483D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222670003.000000000483D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
483D000
|
| Size: |
12288
|
|
|
873E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238159187.000000000873E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
873E000
|
| Size: |
4096
|
|
|
404E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695942568.000000000404E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
404E000
|
| Size: |
8192
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208306950.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
8192
|
|
|
115D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2108848878.000000000115D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
115D000
|
| Size: |
4096
|
|
|
DC7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165655942.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC7000
|
| Size: |
24576
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980193604.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178611178.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
1185000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155932710.0000000001185000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1185000
|
| Size: |
114688
|
|
|
4821000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236813917.0000000004821000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4821000
|
| Size: |
8192
|
|
|
2BDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157663495.0000000002BDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BDF000
|
| Size: |
4096
|
|
|
E03000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151017908.0000000000E03000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E03000
|
| Size: |
36864
|
|
|
F24000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2161134006.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F24000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1979928021.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
F22000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2161134006.0000000000F22000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F22000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2167879147.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4028000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235719493.0000000004028000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4028000
|
| Size: |
4096
|
|
|
4507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208306950.0000000004507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
4096
|
|
|
3FCE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003FCE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FCE000
|
| Size: |
12288
|
|
|
56F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2204411587.00000000056F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56F0000
|
| Size: |
12288
|
|
|
171A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212299324.00000000171A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
171A0000
|
| Size: |
4096
|
|
|
3FEA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.0000000003FEA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FEA000
|
| Size: |
24576
|
|
|
1749A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212645062.000000001749A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1749A000
|
| Size: |
24576
|
|
|
1678D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119457354.000000001678D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1678D000
|
| Size: |
12288
|
|
|
4516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205739570.0000000004516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4516000
|
| Size: |
24576
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2109340100.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
58B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3231609062.000000000058B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
58B000
|
| Size: |
20480
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2170075835.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4BD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004BD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BD4000
|
| Size: |
4096
|
|
|
B31000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2160733200.0000000000B31000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B31000
|
| Size: |
16384
|
|
|
6CB40000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2154195168.000000006CB40000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6CB40000
|
| Size: |
4096
|
|
|
AA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2114479237.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AA0000
|
| Size: |
36864
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2159945525.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
65536
|
|
|
167DE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119481861.00000000167DE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
167DE000
|
| Size: |
8192
|
|
|
7FC56000
|
trusted library allocation
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3238955225.000000007FC56000.00000020.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute read
|
| Base address: |
7FC56000
|
| Size: |
4096
|
|
|
1360000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2202261247.0000000001360000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1360000
|
| Size: |
8192
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161271028.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177195241.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
39D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.00000000039D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39D5000
|
| Size: |
4096
|
|
|
35DA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2164397701.00000000035DA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
35DA000
|
| Size: |
1933312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178385999.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
16C80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119642317.0000000016C80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16C80000
|
| Size: |
782336
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3D3F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234281377.0000000003D3F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D3F000
|
| Size: |
4096
|
|
|
11AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1981640020.00000000011AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11AD000
|
| Size: |
32768
|
|
|
4516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208486914.0000000004516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4516000
|
| Size: |
24576
|
|
|
2ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156141596.0000000002ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2ADE000
|
| Size: |
8192
|
|
|
182C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213676807.00000000182C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
182C8000
|
| Size: |
638976
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
D89000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156942643.0000000000D89000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D89000
|
| Size: |
32768
|
|
|
174DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212863156.00000000174DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
174DD000
|
| Size: |
12288
|
|
|
486A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223309082.000000000486A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
486A000
|
| Size: |
90112
|
|
|
B3B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155423000.0000000000B3B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3B000
|
| Size: |
45056
|
|
|
2F54000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2143319417.0000000002F54000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2F54000
|
| Size: |
172032
|
|
|
E2A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2174877227.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E2A000
|
| Size: |
20480
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2158860459.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
12FA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2202161271.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12FA000
|
| Size: |
24576
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160730462.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177841592.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
DB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2150999338.0000000000DB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB0000
|
| Size: |
4096
|
|
|
16A8F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119560352.0000000016A8F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
16A8F000
|
| Size: |
4096
|
|
|
4016000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235719493.0000000004016000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4016000
|
| Size: |
8192
|
|
|
DF2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2174587291.0000000000DF2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DF2000
|
| Size: |
155648
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
16DBD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212183106.0000000016DBD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16DBD000
|
| Size: |
12288
|
|
|
B7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157210506.0000000000B7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B7C000
|
| Size: |
16384
|
|
|
1496000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2128759971.0000000001496000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1496000
|
| Size: |
126976
|
|
|
2650000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151341964.0000000002650000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2650000
|
| Size: |
16384
|
|
|
1290000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2128542234.0000000001290000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1290000
|
| Size: |
16384
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161321022.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
4880000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237067010.0000000004880000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4880000
|
| Size: |
8192
|
|
|
3F78000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003F78000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F78000
|
| Size: |
4096
|
|
|
5033000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.0000000005033000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5033000
|
| Size: |
184320
|
|
|
50C3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.00000000050C3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50C3000
|
| Size: |
77824
|
|
|
1183000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2155095549.0000000001183000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1183000
|
| Size: |
122880
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176210889.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4897000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224544131.0000000004897000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4897000
|
| Size: |
36864
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1982147026.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2211719747.0000000007F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F80000
|
| Size: |
53248
|
|
|
2FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2203395846.0000000002FB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FB0000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2147137389.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
BE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157285702.0000000000BE0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BE0000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176905827.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
17A0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2203259788.00000000017A0000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
17A0000
|
| Size: |
16384
|
|
|
69AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237638555.00000000069AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
69AE000
|
| Size: |
8192
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2211906918.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
61440
|
|
|
44A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236323368.00000000044A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
44A4000
|
| Size: |
12288
|
|
|
39EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.00000000039EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39EA000
|
| Size: |
4096
|
|
|
6CB41000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000003.00000002.2119923930.000000006CB41000.00000020.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
6CB41000
|
| Size: |
233472
|
|
|
123C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2128428879.000000000123C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
123C000
|
| Size: |
16384
|
|
|
5CFF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2204570163.0000000005CFF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5CFF000
|
| Size: |
331776
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
48CC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.00000000048CC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48CC000
|
| Size: |
53248
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161000819.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
4BEB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004BEB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BEB000
|
| Size: |
4096
|
|
|
16CA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146325914.0000000016CA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16CA0000
|
| Size: |
557056
|
|
|
D75000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159463550.0000000000D75000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D75000
|
| Size: |
4096
|
|
|
DCA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2174482349.0000000000DCA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DCA000
|
| Size: |
16384
|
|
|
16900000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2211693755.0000000016900000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16900000
|
| Size: |
1134592
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160682538.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
3F7A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003F7A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F7A000
|
| Size: |
12288
|
|
|
3F70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003F70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F70000
|
| Size: |
4096
|
|
|
8190000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238132453.0000000008190000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8190000
|
| Size: |
36864
|
|
|
2E9C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232648794.0000000002E9C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E9C000
|
| Size: |
16384
|
|
|
DDA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151017908.0000000000DDA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DDA000
|
| Size: |
163840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
52F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.00000000052F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52F0000
|
| Size: |
675840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
8D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116642525.00000000008D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8D0000
|
| Size: |
4096
|
|
|
3A39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.0000000003A39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A39000
|
| Size: |
4096
|
|
|
4822000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004822000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4822000
|
| Size: |
4096
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205806907.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
8192
|
|
|
4630000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236603507.0000000004630000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
4096
|
|
|
4516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205927145.0000000004516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4516000
|
| Size: |
24576
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175618656.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4898000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237251885.0000000004898000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4898000
|
| Size: |
4096
|
|
|
16A3E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153869204.0000000016A3E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
16A3E000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980078529.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
DE4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165308239.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DE4000
|
| Size: |
24576
|
|
|
4862000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222894865.0000000004862000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4862000
|
| Size: |
122880
|
|
|
4507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205578638.0000000004507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
20480
|
|
|
16B0D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153947259.0000000016B0D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16B0D000
|
| Size: |
12288
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2159973219.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
397A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2196210993.000000000397A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
397A000
|
| Size: |
4096
|
|
|
4020000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695642117.0000000004020000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4020000
|
| Size: |
4096
|
|
|
4516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205411047.0000000004516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4516000
|
| Size: |
20480
|
|
|
4B00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156615373.0000000004B00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B00000
|
| Size: |
4096
|
|
|
C46000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3231938407.0000000000C46000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C46000
|
| Size: |
36864
|
|
|
4514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2203468433.0000000004514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4514000
|
| Size: |
12288
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1981872083.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
2E20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156181843.0000000002E20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E20000
|
| Size: |
4096
|
|
|
1613E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2211136003.000000001613E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1613E000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980020353.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
151E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2202586938.000000000151E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
151E000
|
| Size: |
8192
|
|
|
4507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2206097835.0000000004507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
4096
|
|
|
D0B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232019562.0000000000D0B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D0B000
|
| Size: |
20480
|
|
|
4008000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.0000000004008000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4008000
|
| Size: |
4096
|
|
|
EF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2161134006.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EF0000
|
| Size: |
32768
|
|
|
D91000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156744490.0000000000D91000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D91000
|
| Size: |
20480
|
|
|
167CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153758516.00000000167CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
167CD000
|
| Size: |
12288
|
|
|
4800000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236790283.0000000004800000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4800000
|
| Size: |
4096
|
|
|
12D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2128666253.00000000012D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12D0000
|
| Size: |
4096
|
|
|
16A39000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2211693755.0000000016A39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16A39000
|
| Size: |
307200
|
|
|
AFF5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000AFF5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AFF5000
|
| Size: |
110592
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2169868164.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
48EC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.00000000048EC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48EC000
|
| Size: |
4096
|
|
|
4010000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235719493.0000000004010000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4010000
|
| Size: |
16384
|
|
|
4833000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004833000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4833000
|
| Size: |
135168
|
|
|
1775D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212919917.000000001775D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1775D000
|
| Size: |
12288
|
|
|
1643E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2211191103.000000001643E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1643E000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2170036658.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
6F570000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000002.2214698426.000000006F570000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6F570000
|
| Size: |
4096
|
|
|
1828F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213650730.000000001828F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1828F000
|
| Size: |
4096
|
|
|
4010000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695263860.0000000004010000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4010000
|
| Size: |
16384
|
|
|
1799E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213113700.000000001799E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1799E000
|
| Size: |
8192
|
|
|
404E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695916036.000000000404E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
404E000
|
| Size: |
8192
|
|
|
2814000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.2117069525.0000000002814000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2814000
|
| Size: |
20480
|
|
|
3A39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.0000000003A39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A39000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176848571.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
48A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237325880.00000000048A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48A2000
|
| Size: |
8192
|
|
|
6CB7A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.2156858702.000000006CB7A000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6CB7A000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
1520000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160023012.0000000001520000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1520000
|
| Size: |
176128
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159178723.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980031357.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
48C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237479573.00000000048C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48C4000
|
| Size: |
12288
|
|
|
3A16000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.0000000003A16000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A16000
|
| Size: |
61440
|
|
|
11A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2155023654.00000000011A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11A1000
|
| Size: |
4096
|
|
|
16C40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119642317.0000000016C40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16C40000
|
| Size: |
249856
|
|
|
AF5D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000AF5D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AF5D000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
E18000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2192146909.0000000000E18000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E18000
|
| Size: |
102400
|
|
|
4861000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222848657.0000000004861000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4861000
|
| Size: |
126976
|
|
|
339F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232884768.000000000339F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
339F000
|
| Size: |
4096
|
|
|
1724E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119764056.000000001724E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1724E000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2120347148.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
DF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165456401.0000000000DF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DF0000
|
| Size: |
8192
|
|
|
4867000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223166725.0000000004867000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4867000
|
| Size: |
102400
|
|
|
360F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156533507.000000000360F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
360F000
|
| Size: |
4096
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161175525.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
4BE3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004BE3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BE3000
|
| Size: |
8192
|
|
|
117D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2155125792.000000000117D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
117D000
|
| Size: |
24576
|
|
|
E0E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151017908.0000000000E0E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E0E000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
8731000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238159187.0000000008731000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8731000
|
| Size: |
8192
|
|
|
361A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2203617638.000000000361A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
361A000
|
| Size: |
12288
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980118611.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
173A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212645062.00000000173A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
173A0000
|
| Size: |
266240
|
|
|
3987000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.0000000003987000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3987000
|
| Size: |
4096
|
|
|
404E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235959163.000000000404E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
404E000
|
| Size: |
8192
|
|
|
86F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238159187.00000000086F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
86F1000
|
| Size: |
4096
|
|
|
27FA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.2117069525.00000000027FA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
27FA000
|
| Size: |
12288
|
|
|
44A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236323368.00000000044A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
44A0000
|
| Size: |
4096
|
|
|
483E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222698029.000000000483E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
483E000
|
| Size: |
8192
|
|
|
315E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232780668.000000000315E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
315E000
|
| Size: |
8192
|
|
|
4811000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004811000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4811000
|
| Size: |
45056
|
|
|
DF9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165269936.0000000000DF9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DF9000
|
| Size: |
36864
|
|
|
4525000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236486530.0000000004525000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4525000
|
| Size: |
12288
|
|
|
17250000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119778245.0000000017250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17250000
|
| Size: |
159744
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1982235532.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
34CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156465916.00000000034CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34CF000
|
| Size: |
4096
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159081088.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
16F5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146565453.0000000016F5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16F5D000
|
| Size: |
12288
|
|
|
15060000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2145350378.0000000015060000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
15060000
|
| Size: |
5840896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4509000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208486914.0000000004509000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4509000
|
| Size: |
12288
|
|
|
1748E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2154173875.000000001748E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1748E000
|
| Size: |
8192
|
|
|
34DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232956744.00000000034DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34DD000
|
| Size: |
12288
|
|
|
13C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156068167.00000000013C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C9000
|
| Size: |
20480
|
|
|
D97000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156633991.0000000000D97000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D97000
|
| Size: |
36864
|
|
|
1804D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213563993.000000001804D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1804D000
|
| Size: |
12288
|
|
|
2EF5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2143319417.0000000002EF5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2EF5000
|
| Size: |
20480
|
|
|
3A39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2209679271.0000000003A39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A39000
|
| Size: |
4096
|
|
|
1296000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2128542234.0000000001296000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1296000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178420909.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
449D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221304731.000000000449D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
449D000
|
| Size: |
12288
|
|
|
3A33000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.0000000003A33000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A33000
|
| Size: |
12288
|
|
|
4893000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237206391.0000000004893000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4893000
|
| Size: |
4096
|
|
|
4507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204171460.0000000004507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
4096
|
|
|
39F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.00000000039F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39F6000
|
| Size: |
8192
|
|
|
DCC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156233128.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DCC000
|
| Size: |
4096
|
|
|
8745000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238159187.0000000008745000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8745000
|
| Size: |
20480
|
|
|
F2A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116903983.0000000000F2A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F2A000
|
| Size: |
196608
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160287251.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
450E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204338253.000000000450E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450E000
|
| Size: |
8192
|
|
|
4861000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004861000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4861000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177938169.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1979983650.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1982186746.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
482C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221947314.000000000482C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
482C000
|
| Size: |
81920
|
|
|
15EBD000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2210677595.0000000015EBD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15EBD000
|
| Size: |
532480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
DB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156973862.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175150804.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2F5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156213625.0000000002F5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F5E000
|
| Size: |
8192
|
|
|
188B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2214334666.00000000188B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
188B0000
|
| Size: |
61440
|
|
|
128C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2128510272.000000000128C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
128C000
|
| Size: |
16384
|
|
|
288D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2161432556.000000000288D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
288D000
|
| Size: |
12288
|
|
|
4517000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205212420.0000000004517000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4517000
|
| Size: |
16384
|
|
|
4828000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004828000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4828000
|
| Size: |
24576
|
|
|
3FDC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235490200.0000000003FDC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FDC000
|
| Size: |
40960
|
|
|
B90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2160848290.0000000000B90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B90000
|
| Size: |
4096
|
|
|
9B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116664504.00000000009B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980105030.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
B03C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000B03C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B03C000
|
| Size: |
380928
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2211811015.0000000007F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F80000
|
| Size: |
65536
|
|
|
8690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238159187.0000000008690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8690000
|
| Size: |
352256
|
|
|
14890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2118208646.0000000014890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14890000
|
| Size: |
5840896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177643316.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
7FC58000
|
trusted library allocation
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3238979167.000000007FC58000.00000020.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute read
|
| Base address: |
7FC58000
|
| Size: |
4096
|
|
|
D80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2157124892.0000000000D80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D80000
|
| Size: |
4096
|
|
|
6CB90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.2120100676.000000006CB90000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6CB90000
|
| Size: |
122880
|
|
|
39DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.00000000039DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39DD000
|
| Size: |
28672
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2170324281.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4871000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223759196.0000000004871000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4871000
|
| Size: |
61440
|
|
|
4507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205268553.0000000004507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
20480
|
|
|
B01A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000B01A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B01A000
|
| Size: |
24576
|
|
|
4872000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223844796.0000000004872000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4872000
|
| Size: |
57344
|
|
|
FA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157488089.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FA0000
|
| Size: |
20480
|
|
|
5800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2204570163.0000000005800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5800000
|
| Size: |
3686400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3994000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.0000000003994000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3994000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176959410.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
3B5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234241581.0000000003B5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B5D000
|
| Size: |
77824
|
|
|
3FE7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FE7000
|
| Size: |
4096
|
|
|
4514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2203660135.0000000004514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4514000
|
| Size: |
12288
|
|
|
9E2C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238753315.0000000009E2C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9E2C000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980042770.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
16000000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153467378.0000000016000000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16000000
|
| Size: |
790528
|
|
|
11A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2108758302.00000000011A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11A4000
|
| Size: |
126976
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177470563.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2203468433.0000000004507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
20480
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176432803.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
13C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2202284689.00000000013C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C0000
|
| Size: |
20480
|
|
|
5022000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.0000000005022000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5022000
|
| Size: |
4096
|
|
|
4507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204338253.0000000004507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
4096
|
|
|
3970000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.0000000003970000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3970000
|
| Size: |
24576
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980053340.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
16EBE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212222913.0000000016EBE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
16EBE000
|
| Size: |
8192
|
|
|
2CDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157688316.0000000002CDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CDE000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2170884691.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2207215115.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
8192
|
|
|
4516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2206908855.0000000004516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4516000
|
| Size: |
24576
|
|
|
166FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153699749.00000000166FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
166FD000
|
| Size: |
12288
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1979903418.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
179DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213197153.00000000179DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
179DD000
|
| Size: |
12288
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2167804141.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237929022.0000000007F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F80000
|
| Size: |
16384
|
|
|
E06000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116838498.0000000000E06000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
E06000
|
| Size: |
8192
|
|
|
DD1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2174623880.0000000000DD1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DD1000
|
| Size: |
135168
|
|
|
4516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204538131.0000000004516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4516000
|
| Size: |
20480
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2160381242.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
8192
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159416769.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2166519084.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
3FB4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003FB4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB4000
|
| Size: |
12288
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176793610.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
3FEA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235589431.0000000003FEA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FEA000
|
| Size: |
24576
|
|
|
4517000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205372101.0000000004517000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4517000
|
| Size: |
16384
|
|
|
5CFD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2204570163.0000000005CFD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5CFD000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2109022172.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
B4C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155423000.0000000000B4C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B4C000
|
| Size: |
16384
|
|
|
9FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2114328030.00000000009FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9FD000
|
| Size: |
12288
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178575227.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4016000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.0000000004016000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4016000
|
| Size: |
8192
|
|
|
E2E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2192189677.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E2E000
|
| Size: |
12288
|
|
|
48A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237350294.00000000048A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48A6000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2173719704.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2805000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.2117069525.0000000002805000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2805000
|
| Size: |
20480
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159486517.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
8192
|
|
|
1748D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119825962.000000001748D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1748D000
|
| Size: |
12288
|
|
|
DF4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2192213816.0000000000DF4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DF4000
|
| Size: |
147456
|
|
|
DF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165308239.0000000000DF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DF0000
|
| Size: |
16384
|
|
|
6CB8F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146998217.000000006CB8F000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
6CB8F000
|
| Size: |
4096
|
|
|
17A76000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146857104.0000000017A76000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17A76000
|
| Size: |
53248
|
|
|
A45000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155393047.0000000000A45000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A45000
|
| Size: |
45056
|
|
|
9E2C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694883360.0000000009E2C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9E2C000
|
| Size: |
8192
|
|
|
AFF2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000AFF2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AFF2000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2167772048.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
E1B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165166558.0000000000E1B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E1B000
|
| Size: |
4096
|
|
|
BB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2114536031.0000000000BB0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BB0000
|
| Size: |
4096
|
|
|
48AB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237403556.00000000048AB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48AB000
|
| Size: |
4096
|
|
|
5028000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.0000000005028000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5028000
|
| Size: |
24576
|
|
|
DCD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165566366.0000000000DCD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DCD000
|
| Size: |
36864
|
|
|
1330000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157639064.0000000001330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1330000
|
| Size: |
8192
|
|
|
167EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.2112628149.00000000167EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
167EA000
|
| Size: |
1933312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175270644.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161592700.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2173145398.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
86F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238159187.00000000086F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
86F4000
|
| Size: |
8192
|
|
|
166AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153677509.00000000166AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
166AC000
|
| Size: |
16384
|
|
|
86FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238159187.00000000086FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
86FF000
|
| Size: |
8192
|
|
|
4A84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004A84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A84000
|
| Size: |
4096
|
|
|
4480000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236208904.0000000004480000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4480000
|
| Size: |
8192
|
|
|
D40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232061437.0000000000D40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D40000
|
| Size: |
36864
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156068167.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
12288
|
|
|
DF2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165405857.0000000000DF2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DF2000
|
| Size: |
8192
|
|
|
3FB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB2000
|
| Size: |
4096
|
|
|
3A16000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.0000000003A16000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A16000
|
| Size: |
61440
|
|
|
4873000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223884244.0000000004873000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4873000
|
| Size: |
53248
|
|
|
173E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212645062.00000000173E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
173E8000
|
| Size: |
724992
|
|
|
2954000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232514425.0000000002954000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2954000
|
| Size: |
8192
|
|
|
F5C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116903983.0000000000F5C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F5C000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3860000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233238964.0000000003860000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3860000
|
| Size: |
20480
|
|
|
18BCE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2214584582.0000000018BCE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
18BCE000
|
| Size: |
8192
|
|
|
16FBE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2123032976.0000000016FBE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16FBE000
|
| Size: |
1933312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
17A40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146857104.0000000017A40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17A40000
|
| Size: |
204800
|
|
|
E1F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2209570879.0000000000E1F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E1F000
|
| Size: |
24576
|
|
|
D76000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2157124892.0000000000D76000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D76000
|
| Size: |
12288
|
|
|
4895000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224513599.0000000004895000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4895000
|
| Size: |
45056
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980816322.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2120426406.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
399A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.000000000399A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
399A000
|
| Size: |
90112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204815778.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
4096
|
|
|
DCC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156413232.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DCC000
|
| Size: |
4096
|
|
|
16090000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119211449.0000000016090000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16090000
|
| Size: |
790528
|
|
|
3D36000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234281377.0000000003D36000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D36000
|
| Size: |
32768
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2169800068.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
D90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2157068773.0000000000D90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D90000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177096361.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4030000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235719493.0000000004030000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4030000
|
| Size: |
8192
|
|
|
37AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233137032.00000000037AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37AF000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2173758658.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178234222.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178160310.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1981785035.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204013100.0000000004507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
8192
|
|
|
4514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2203310473.0000000004514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4514000
|
| Size: |
12288
|
|
|
483B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222583718.000000000483B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
483B000
|
| Size: |
20480
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2168171609.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
9E30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694883360.0000000009E30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9E30000
|
| Size: |
8192
|
|
|
115E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2108758302.000000000115E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
115E000
|
| Size: |
278528
|
|
|
6AB0000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3237701418.0000000006AB0000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
6AB0000
|
| Size: |
49152
|
|
|
6CB40000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.2146938374.000000006CB40000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6CB40000
|
| Size: |
4096
|
|
|
3E40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234458323.0000000003E40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3E40000
|
| Size: |
4096
|
|
|
8030000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238035751.0000000008030000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8030000
|
| Size: |
24576
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160617791.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
BC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2114553649.0000000000BC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BC0000
|
| Size: |
4096
|
|
|
D2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116759729.0000000000D2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D2E000
|
| Size: |
8192
|
|
|
2E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2143178729.0000000002E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E6F000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980366937.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176372120.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
B09C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000B09C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B09C000
|
| Size: |
126976
|
|
|
2856000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.2117069525.0000000002856000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2856000
|
| Size: |
4096
|
|
|
482F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.000000000482F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
482F000
|
| Size: |
8192
|
|
|
4514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2203861265.0000000004514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4514000
|
| Size: |
28672
|
|
|
112A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155694473.000000000112A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
112A000
|
| Size: |
131072
|
|
|
1161000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2108848878.0000000001161000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1161000
|
| Size: |
266240
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176525626.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1979996651.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2167256320.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4883000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224188604.0000000004883000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4883000
|
| Size: |
118784
|
|
|
7FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2212297057.0000000007FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB0000
|
| Size: |
65536
|
|
|
325F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232815980.000000000325F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
325F000
|
| Size: |
4096
|
|
|
44E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236323368.00000000044E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
44E1000
|
| Size: |
81920
|
|
|
4B63000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004B63000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B63000
|
| Size: |
299008
|
|
|
4516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205806907.0000000004516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4516000
|
| Size: |
24576
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2120452502.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
4828000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004828000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4828000
|
| Size: |
24576
|
|
|
174DE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119865284.00000000174DE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
174DE000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177054716.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204538131.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2169763983.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160760409.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
488C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224301522.000000000488C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
488C000
|
| Size: |
81920
|
|
|
3FF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235589431.0000000003FF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FF1000
|
| Size: |
20480
|
|
|
488A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224267115.000000000488A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
488A000
|
| Size: |
90112
|
|
|
3FF7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235589431.0000000003FF7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FF7000
|
| Size: |
4096
|
|
|
4528000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2212019174.0000000004528000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4528000
|
| Size: |
16384
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2173454779.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
3374000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156362582.0000000003374000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3374000
|
| Size: |
16384
|
|
|
45DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236556355.00000000045DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45DE000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980133121.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
539A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.000000000539A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
539A000
|
| Size: |
139264
|
|
|
DD6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165536584.0000000000DD6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DD6000
|
| Size: |
28672
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980735605.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1982493613.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
17C7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146902226.0000000017C7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17C7D000
|
| Size: |
12288
|
|
|
404E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695642117.000000000404E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
404E000
|
| Size: |
8192
|
|
|
8693000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210311468.0000000008693000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8693000
|
| Size: |
32768
|
|
|
486B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223344735.000000000486B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
486B000
|
| Size: |
86016
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178306728.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3231651963.00000000005F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
4096
|
|
|
102C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157535345.000000000102C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
102C000
|
| Size: |
20480
|
|
|
1681E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153778342.000000001681E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1681E000
|
| Size: |
8192
|
|
|
501D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.000000000501D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
501D000
|
| Size: |
8192
|
|
|
EAC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151017908.0000000000EAC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EAC000
|
| Size: |
102400
|
|
|
DCB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165725947.0000000000DCB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DCB000
|
| Size: |
8192
|
|
|
2F4D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2143319417.0000000002F4D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2F4D000
|
| Size: |
16384
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178056636.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
437B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236160300.000000000437B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
437B000
|
| Size: |
20480
|
|
|
404E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.000000000404E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
404E000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2166205317.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2154483758.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
489F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237302819.000000000489F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
489F000
|
| Size: |
4096
|
|
|
15400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2152997286.0000000015400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
15400000
|
| Size: |
6164480
|
|
|
4660000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151578654.0000000004660000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4660000
|
| Size: |
16384
|
|
|
4524000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2212110523.0000000004524000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4524000
|
| Size: |
16384
|
|
|
156F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2129539401.000000000156F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
156F000
|
| Size: |
4096
|
|
|
DB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116805122.0000000000DB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB0000
|
| Size: |
16384
|
|
|
18790000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2214173153.0000000018790000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18790000
|
| Size: |
1019904
|
|
|
4507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208486914.0000000004507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
4096
|
|
|
6CB40000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.2119907422.000000006CB40000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6CB40000
|
| Size: |
4096
|
|
|
2861000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.2117069525.0000000002861000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2861000
|
| Size: |
184320
|
|
|
16A3D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119544286.0000000016A3D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16A3D000
|
| Size: |
12288
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160472826.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2168248357.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
3A43000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210177942.0000000003A43000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A43000
|
| Size: |
12288
|
|
|
3FDA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235490200.0000000003FDA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FDA000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178350224.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
D9A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232061437.0000000000D9A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D9A000
|
| Size: |
131072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
450E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204013100.000000000450E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450E000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1979971283.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
400A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.000000000400A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
400A000
|
| Size: |
4096
|
|
|
2EFC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2143319417.0000000002EFC000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2EFC000
|
| Size: |
8192
|
|
|
48D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237479573.00000000048D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48D2000
|
| Size: |
57344
|
|
|
4008000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695642117.0000000004008000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4008000
|
| Size: |
4096
|
|
|
482F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222099201.000000000482F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
482F000
|
| Size: |
69632
|
|
|
3F98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003F98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F98000
|
| Size: |
28672
|
|
|
4827000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221845715.0000000004827000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4827000
|
| Size: |
102400
|
|
|
48EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.00000000048EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48EE000
|
| Size: |
1642496
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
DED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165248791.0000000000DED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DED000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2147398462.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4485000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236208904.0000000004485000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4485000
|
| Size: |
65536
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2166295753.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980310839.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
1733D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146720630.000000001733D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1733D000
|
| Size: |
12288
|
|
|
37D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233171760.00000000037D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
37D0000
|
| Size: |
4096
|
|
|
4507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205411047.0000000004507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4507000
|
| Size: |
20480
|
|
|
4034000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695263860.0000000004034000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4034000
|
| Size: |
4096
|
|
|
2F04000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2143319417.0000000002F04000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2F04000
|
| Size: |
16384
|
|
|
4517000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204617758.0000000004517000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4517000
|
| Size: |
16384
|
|
|
39D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.00000000039D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39D8000
|
| Size: |
12288
|
|
|
F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157403090.0000000000F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F9E000
|
| Size: |
8192
|
|
|
3E70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234634074.0000000003E70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3E70000
|
| Size: |
4096
|
|
|
3A43000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.0000000003A43000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A43000
|
| Size: |
12288
|
|
|
4016000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695642117.0000000004016000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4016000
|
| Size: |
8192
|
|
|
2EA0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2143298552.0000000002EA0000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2EA0000
|
| Size: |
16384
|
|
|
487A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237016143.000000000487A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
487A000
|
| Size: |
8192
|
|
|
329E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232850487.000000000329E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
329E000
|
| Size: |
8192
|
|
|
3971000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2174847069.0000000003971000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3971000
|
| Size: |
36864
|
|
|
449A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236255537.000000000449A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
449A000
|
| Size: |
4096
|
|
|
ABC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2114479237.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ABC000
|
| Size: |
4096
|
|
|
4520000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2212110523.0000000004520000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4520000
|
| Size: |
4096
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2158982682.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
3A27000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.0000000003A27000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A27000
|
| Size: |
36864
|
|
|
463B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236603507.000000000463B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
463B000
|
| Size: |
49152
|
|
|
D80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2157023070.0000000000D80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D80000
|
| Size: |
4096
|
|
|
16B5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119609360.0000000016B5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16B5D000
|
| Size: |
12288
|
|
|
3A6C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.0000000003A6C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A6C000
|
| Size: |
12288
|
|
|
A3D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2114448483.0000000000A3D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A3D000
|
| Size: |
12288
|
|
|
91E2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238722573.00000000091E2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
91E2000
|
| Size: |
24576
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2164696091.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
A70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3231819875.0000000000A70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A70000
|
| Size: |
16384
|
|
|
399D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.000000000399D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
399D000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2211781476.0000000007F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F90000
|
| Size: |
16384
|
|
|
48AD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237430329.00000000048AD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48AD000
|
| Size: |
4096
|
|
|
57CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2204518292.00000000057CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57CD000
|
| Size: |
12288
|
|
|
116E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980862150.000000000116E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
116E000
|
| Size: |
122880
|
|
|
171AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2154072548.00000000171AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
171AD000
|
| Size: |
12288
|
|
|
50EC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.00000000050EC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50EC000
|
| Size: |
4096
|
|
|
4BD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004BD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BD8000
|
| Size: |
20480
|
|
|
3FA7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003FA7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FA7000
|
| Size: |
36864
|
|
|
3A5B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.0000000003A5B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A5B000
|
| Size: |
28672
|
|
|
86FB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238159187.00000000086FB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
86FB000
|
| Size: |
12288
|
|
|
2E80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2143231439.0000000002E80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E80000
|
| Size: |
4096
|
|
|
39E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.00000000039E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39E7000
|
| Size: |
8192
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205739570.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1979939705.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
C2C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3231900145.0000000000C2C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C2C000
|
| Size: |
16384
|
|
|
4838000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222467826.0000000004838000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4838000
|
| Size: |
32768
|
|
|
502F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.000000000502F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
502F000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175964665.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
17200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2154114664.0000000017200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17200000
|
| Size: |
270336
|
|
|
16B60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153987602.0000000016B60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16B60000
|
| Size: |
1044480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
DCA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165760918.0000000000DCA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DCA000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2170113355.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
3676000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2203617638.0000000003676000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3676000
|
| Size: |
4096
|
|
|
1789D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213057438.000000001789D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1789D000
|
| Size: |
12288
|
|
|
48A9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237380212.00000000048A9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48A9000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178127004.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
6F5BF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2215335924.000000006F5BF000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
6F5BF000
|
| Size: |
4096
|
|
|
11C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2108665648.00000000011C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C3000
|
| Size: |
12288
|
|
|
DD1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2174905166.0000000000DD1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DD1000
|
| Size: |
135168
|
|
|
2962000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155617316.0000000002962000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2962000
|
| Size: |
1933312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4910000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237611803.0000000004910000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4910000
|
| Size: |
12288
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2169950517.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
462F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236579583.000000000462F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
462F000
|
| Size: |
4096
|
|
|
12DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157615150.00000000012DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12DE000
|
| Size: |
8192
|
|
|
17420000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146750112.0000000017420000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17420000
|
| Size: |
1044480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
15E40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2210677595.0000000015E40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15E40000
|
| Size: |
462848
|
|
|
4514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204338253.0000000004514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4514000
|
| Size: |
28672
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2147116761.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
DCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155643791.0000000000DCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DCE000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177287586.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
16ACD000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153919476.0000000016ACD000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
16ACD000
|
| Size: |
12288
|
|
|
27C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.2117069525.00000000027C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
27C0000
|
| Size: |
4096
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160384125.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178086858.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1981853290.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2109374773.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
269A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2151363790.000000000269A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
269A000
|
| Size: |
12288
|
|
|
33CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156436296.00000000033CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33CE000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2166443863.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4887000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224230677.0000000004887000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4887000
|
| Size: |
102400
|
|
|
4A8A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004A8A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A8A000
|
| Size: |
413696
|
|
|
12F1000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2202161271.00000000012F1000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12F1000
|
| Size: |
32768
|
|
|
39F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.00000000039F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39F1000
|
| Size: |
4096
|
|
|
2CD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2158618782.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CD0000
|
| Size: |
176128
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178493144.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2173636978.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
26FA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2151363790.00000000026FA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
26FA000
|
| Size: |
4096
|
|
|
4BAD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004BAD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BAD000
|
| Size: |
4096
|
|
|
450E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236323368.000000000450E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450E000
|
| Size: |
65536
|
|
|
C3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116685885.0000000000C3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C3E000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178201010.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
C40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3231938407.0000000000C40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
16384
|
|
|
3FF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.0000000003FF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FF1000
|
| Size: |
20480
|
|
|
3140000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980441300.0000000003140000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3140000
|
| Size: |
8192
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2158883039.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2169834958.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
1695D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153798757.000000001695D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1695D000
|
| Size: |
12288
|
|
|
3A33000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2209679271.0000000003A33000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A33000
|
| Size: |
12288
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161038702.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
3640000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232998438.0000000003640000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3640000
|
| Size: |
4096
|
|
|
4882000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224151006.0000000004882000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4882000
|
| Size: |
122880
|
|
|
4830000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222134687.0000000004830000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4830000
|
| Size: |
65536
|
|
|
16A70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146325914.0000000016A70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16A70000
|
| Size: |
167936
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2109002670.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
6CB41000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000007.00000002.2154217651.000000006CB41000.00000020.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
6CB41000
|
| Size: |
233472
|
|
|
4878000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224067015.0000000004878000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4878000
|
| Size: |
32768
|
|
|
17D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213414029.0000000017D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17D5E000
|
| Size: |
8192
|
|
|
2646000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151305434.0000000002646000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2646000
|
| Size: |
8192
|
|
|
489B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237276833.000000000489B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
489B000
|
| Size: |
4096
|
|
|
11B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156005803.00000000011B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11B3000
|
| Size: |
65536
|
|
|
48B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237452827.00000000048B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B2000
|
| Size: |
8192
|
|
|
5011000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.0000000005011000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5011000
|
| Size: |
45056
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177999444.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2F20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1979623920.0000000002F20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F20000
|
| Size: |
176128
|
|
|
39EC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.00000000039EC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39EC000
|
| Size: |
16384
|
|
|
4030000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695642117.0000000004030000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4030000
|
| Size: |
8192
|
|
|
2FA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2203395846.0000000002FA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA0000
|
| Size: |
40960
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2122194724.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
FEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157511368.0000000000FEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FEE000
|
| Size: |
8192
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2206097835.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
8192
|
|
|
2F46000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2143319417.0000000002F46000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2F46000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176281232.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
7F20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237905203.0000000007F20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F20000
|
| Size: |
4096
|
|
|
4030000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695263860.0000000004030000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4030000
|
| Size: |
8192
|
|
|
167FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2211609625.00000000167FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
167FD000
|
| Size: |
12288
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161363937.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
168FE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2211662607.00000000168FE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
168FE000
|
| Size: |
8192
|
|
|
305E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156252734.000000000305E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
305E000
|
| Size: |
8192
|
|
|
18A8F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2214513396.0000000018A8F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
18A8F000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176581946.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
449B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221275243.000000000449B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
449B000
|
| Size: |
20480
|
|
|
39DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.00000000039DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39DD000
|
| Size: |
28672
|
|
|
4AF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156564270.0000000004AF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AF0000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2170438122.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
482E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222013668.000000000482E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
482E000
|
| Size: |
73728
|
|
|
47FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117272769.00000000047FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47FB000
|
| Size: |
20480
|
|
|
7F10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237879928.0000000007F10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F10000
|
| Size: |
4096
|
|
|
16798000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2148270182.0000000016798000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16798000
|
| Size: |
1933312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4894000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224484111.0000000004894000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4894000
|
| Size: |
49152
|
|
|
E20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116886534.0000000000E20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
E20000
|
| Size: |
16384
|
|
|
116D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980925564.000000000116D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
116D000
|
| Size: |
4096
|
|
|
13CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2128759971.00000000013CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13CA000
|
| Size: |
200704
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
DEB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165308239.0000000000DEB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DEB000
|
| Size: |
8192
|
|
|
DBB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156233128.0000000000DBB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DBB000
|
| Size: |
24576
|
|
|
EC6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151017908.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EC6000
|
| Size: |
4096
|
|
|
13B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2128697150.00000000013B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13B0000
|
| Size: |
4096
|
|
|
DD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151017908.0000000000DD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DD0000
|
| Size: |
36864
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980065681.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
17D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213444702.0000000017D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17D9E000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176168881.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
DDD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165456401.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DDD000
|
| Size: |
28672
|
|
|
3FFD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235589431.0000000003FFD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FFD000
|
| Size: |
32768
|
|
|
4016000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695263860.0000000004016000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4016000
|
| Size: |
8192
|
|
|
319E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2203552350.000000000319E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
319E000
|
| Size: |
8192
|
|
|
B023000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000B023000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B023000
|
| Size: |
12288
|
|
|
350E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156500539.000000000350E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
350E000
|
| Size: |
8192
|
|
|
4BB1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004BB1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BB1000
|
| Size: |
139264
|
|
|
16B91000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2148806216.0000000016B91000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16B91000
|
| Size: |
135168
|
|
|
39F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.00000000039F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39F6000
|
| Size: |
8192
|
|
|
4034000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695864364.0000000004034000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4034000
|
| Size: |
4096
|
|
|
367D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2203617638.000000000367D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
367D000
|
| Size: |
16384
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159154364.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
6CB7A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.2120023818.000000006CB7A000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6CB7A000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
117E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980925564.000000000117E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
117E000
|
| Size: |
57344
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2168024669.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
175DE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212890743.00000000175DE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
175DE000
|
| Size: |
8192
|
|
|
4020000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695263860.0000000004020000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4020000
|
| Size: |
4096
|
|
|
3FC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003FC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FC2000
|
| Size: |
4096
|
|
|
3FDC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.0000000003FDC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FDC000
|
| Size: |
40960
|
|
|
4AF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004AF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4AF0000
|
| Size: |
385024
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144308166.0000000004EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4EB0000
|
| Size: |
16384
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161131854.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
1158000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155809456.0000000001158000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1158000
|
| Size: |
8192
|
|
|
4010000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.0000000004010000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4010000
|
| Size: |
16384
|
|
|
1673D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153719448.000000001673D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1673D000
|
| Size: |
12288
|
|
|
CD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116744143.0000000000CD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
16384
|
|
|
2950000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232514425.0000000002950000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2950000
|
| Size: |
8192
|
|
|
6F5C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000002.2215490405.000000006F5C0000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6F5C0000
|
| Size: |
122880
|
|
|
7EC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237822084.0000000007EC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC2000
|
| Size: |
16384
|
|
|
4811000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004811000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4811000
|
| Size: |
45056
|
|
|
4800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221027320.0000000004800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4800000
|
| Size: |
131072
|
|
|
4B64000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004B64000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B64000
|
| Size: |
303104
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159560488.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2170950363.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175860947.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
53C7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.00000000053C7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53C7000
|
| Size: |
4096
|
|
|
172AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146690907.00000000172AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
172AD000
|
| Size: |
12288
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2158950899.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2167841547.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
183C2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213676807.00000000183C2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
183C2000
|
| Size: |
778240
|
|
|
CCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116729283.0000000000CCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CCE000
|
| Size: |
8192
|
|
|
5396000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.0000000005396000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5396000
|
| Size: |
4096
|
|
|
11A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2155023654.00000000011A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11A4000
|
| Size: |
49152
|
|
|
4496000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221118928.0000000004496000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4496000
|
| Size: |
40960
|
|
|
16C81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.2113582136.0000000016C81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16C81000
|
| Size: |
126976
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2109099718.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
A3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2160698106.0000000000A3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A3C000
|
| Size: |
16384
|
|
|
1678E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153740388.000000001678E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1678E000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2109058264.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
3A5B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2209679271.0000000003A5B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A5B000
|
| Size: |
28672
|
|
|
D9A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165869956.0000000000D9A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D9A000
|
| Size: |
126976
|
|
|
2E21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1979567531.0000000002E21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E21000
|
| Size: |
65536
|
|
|
E09000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116838498.0000000000E09000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
E09000
|
| Size: |
28672
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160830786.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
26A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2151363790.00000000026A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
26A0000
|
| Size: |
16384
|
|
|
482F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.000000000482F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
482F000
|
| Size: |
8192
|
|
|
DB9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156413232.0000000000DB9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB9000
|
| Size: |
8192
|
|
|
3978000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.0000000003978000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3978000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
D53000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232061437.0000000000D53000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D53000
|
| Size: |
151552
|
|
|
3622000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2203617638.0000000003622000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3622000
|
| Size: |
24576
|
|
|
DB7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156378766.0000000000DB7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB7000
|
| Size: |
16384
|
|
|
3D30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234281377.0000000003D30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D30000
|
| Size: |
4096
|
|
|
3FFD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.0000000003FFD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FFD000
|
| Size: |
32768
|
|
|
11D2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2108665648.00000000011D2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D2000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177007447.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2154429828.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
151E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2129508582.000000000151E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
151E000
|
| Size: |
8192
|
|
|
4A90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004A90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A90000
|
| Size: |
778240
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
D76000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2164857464.0000000000D76000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D76000
|
| Size: |
135168
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
483F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222733735.000000000483F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
483F000
|
| Size: |
4096
|
|
|
16210000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153534805.0000000016210000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16210000
|
| Size: |
167936
|
|
|
17A3E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146840594.0000000017A3E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
17A3E000
|
| Size: |
8192
|
|
|
4868000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223212783.0000000004868000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4868000
|
| Size: |
98304
|
|
|
B0C7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000B0C7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B0C7000
|
| Size: |
589824
|
|
|
11D2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156034035.00000000011D2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D2000
|
| Size: |
4096
|
|
|
2662000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2151363790.0000000002662000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2662000
|
| Size: |
86016
|
|
|
6CB90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.2147012792.000000006CB90000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6CB90000
|
| Size: |
122880
|
|
|
468E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236736164.000000000468E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
468E000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2166624432.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175113567.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
17CCE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146920836.0000000017CCE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
17CCE000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177558620.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2F8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2114599939.0000000002F8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F8E000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2109476278.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
53E9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.00000000053E9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53E9000
|
| Size: |
8192
|
|
|
B0C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000B0C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B0C1000
|
| Size: |
20480
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1981957378.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
1189000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2108962887.0000000001189000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1189000
|
| Size: |
102400
|
|
|
4877000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224026031.0000000004877000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4877000
|
| Size: |
36864
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2171084444.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
39D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.00000000039D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39D5000
|
| Size: |
4096
|
|
|
1726F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146676622.000000001726F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1726F000
|
| Size: |
4096
|
|
|
36AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233082998.00000000036AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36AE000
|
| Size: |
8192
|
|
|
4497000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221154244.0000000004497000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4497000
|
| Size: |
36864
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205268553.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
4096
|
|
|
7FC52000
|
trusted library allocation
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3238879086.000000007FC52000.00000020.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute read
|
| Base address: |
7FC52000
|
| Size: |
4096
|
|
|
397E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2196210993.000000000397E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
397E000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175696844.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
3660000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233037954.0000000003660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3660000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2109414882.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
528A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.000000000528A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
528A000
|
| Size: |
413696
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980402764.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4034000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.0000000004034000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4034000
|
| Size: |
4096
|
|
|
17B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213265373.0000000017B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17B1E000
|
| Size: |
8192
|
|
|
55E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2204369136.00000000055E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55E0000
|
| Size: |
24576
|
|
|
DF4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165217052.0000000000DF4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DF4000
|
| Size: |
57344
|
|
|
3A5B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210255465.0000000003A5B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A5B000
|
| Size: |
28672
|
|
|
452F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2212019174.000000000452F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
452F000
|
| Size: |
45056
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160571776.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
454F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2211983480.000000000454F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
454F000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2168100050.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
6CB41000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000006.00000002.2146952226.000000006CB41000.00000020.00000001.01000000.00000006.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
6CB41000
|
| Size: |
233472
|
|
|
DAB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156467852.0000000000DAB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DAB000
|
| Size: |
8192
|
|
|
3973000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2196210993.0000000003973000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3973000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1982083634.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
EBD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2161085308.0000000000EBD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EBD000
|
| Size: |
12288
|
|
|
4535000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236507776.0000000004535000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4535000
|
| Size: |
20480
|
|
|
158B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2202722628.000000000158B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
158B000
|
| Size: |
770048
|
|
|
101B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157535345.000000000101B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
101B000
|
| Size: |
65536
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161836011.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
17C5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213383675.0000000017C5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17C5E000
|
| Size: |
8192
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980615279.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
4891000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237183978.0000000004891000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4891000
|
| Size: |
4096
|
|
|
4020000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235719493.0000000004020000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4020000
|
| Size: |
4096
|
|
|
280C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.2117069525.000000000280C000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
280C000
|
| Size: |
8192
|
|
|
BA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155493676.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA0000
|
| Size: |
16384
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1982008922.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4824000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221716863.0000000004824000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4824000
|
| Size: |
114688
|
|
|
18494000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213676807.0000000018494000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18494000
|
| Size: |
73728
|
|
|
404E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695263860.000000000404E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
404E000
|
| Size: |
8192
|
|
|
D9A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2164857464.0000000000D9A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D9A000
|
| Size: |
126976
|
|
|
115E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980925564.000000000115E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
115E000
|
| Size: |
32768
|
|
|
17F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2203295211.00000000017F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17F8000
|
| Size: |
12288
|
|
|
4008000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695263860.0000000004008000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4008000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2164835426.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
A00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3231779297.0000000000A00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A00000
|
| Size: |
16384
|
|
|
13C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2202284689.00000000013C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C6000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2170154150.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
48C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237479573.00000000048C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48C0000
|
| Size: |
12288
|
|
|
4514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2203912193.0000000004514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4514000
|
| Size: |
28672
|
|
|
2D9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232607488.0000000002D9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D9D000
|
| Size: |
12288
|
|
|
488E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224340532.000000000488E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
488E000
|
| Size: |
73728
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177514121.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
3A43000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2209679271.0000000003A43000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A43000
|
| Size: |
12288
|
|
|
33DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232920498.00000000033DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33DB000
|
| Size: |
20480
|
|
|
3FCC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FCC000
|
| Size: |
4096
|
|
|
162A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119287758.00000000162A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
162A0000
|
| Size: |
188416
|
|
|
398A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.000000000398A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
398A000
|
| Size: |
12288
|
|
|
3E4A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234458323.0000000003E4A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3E4A000
|
| Size: |
20480
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2164633885.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2203660135.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
24576
|
|
|
39E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.00000000039E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39E7000
|
| Size: |
8192
|
|
|
6AAC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237668336.0000000006AAC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6AAC000
|
| Size: |
16384
|
|
|
6CB41000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000001.00000002.2156715244.000000006CB41000.00000020.00000001.01000000.00000006.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
6CB41000
|
| Size: |
233472
|
|
|
D9D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156689255.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D9D000
|
| Size: |
12288
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980344434.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4831000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222217098.0000000004831000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4831000
|
| Size: |
61440
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1981975172.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
40FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236028175.00000000040FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40FF000
|
| Size: |
4096
|
|
|
2F0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2114568885.0000000002F0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F0E000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176673932.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
16C7E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119642317.0000000016C7E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16C7E000
|
| Size: |
4096
|
|
|
3A3D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.0000000003A3D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A3D000
|
| Size: |
73728
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2052257743.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4499000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221214659.0000000004499000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4499000
|
| Size: |
28672
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161219019.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2109393053.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2120308628.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
1010000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157535345.0000000001010000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1010000
|
| Size: |
36864
|
|
|
15490000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2118652085.0000000015490000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
15490000
|
| Size: |
6164480
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2167307726.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
D96000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156689255.0000000000D96000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D96000
|
| Size: |
4096
|
|
|
481D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.000000000481D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
481D000
|
| Size: |
8192
|
|
|
3E42000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234458323.0000000003E42000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3E42000
|
| Size: |
16384
|
|
|
16F1D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146536442.0000000016F1D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16F1D000
|
| Size: |
12288
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205927145.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
8192
|
|
|
48C3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.00000000048C3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48C3000
|
| Size: |
77824
|
|
|
17E9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213473546.0000000017E9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17E9D000
|
| Size: |
12288
|
|
|
AF4D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000AF4D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AF4D000
|
| Size: |
24576
|
|
|
17451000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2123677991.0000000017451000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17451000
|
| Size: |
135168
|
|
|
1580000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2202722628.0000000001580000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
40960
|
|
|
86EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238159187.00000000086EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
86EA000
|
| Size: |
4096
|
|
|
B0BC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000B0BC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B0BC000
|
| Size: |
16384
|
|
|
487D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237041129.000000000487D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
487D000
|
| Size: |
12288
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205411047.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
4096
|
|
|
53C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.00000000053C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53C1000
|
| Size: |
20480
|
|
|
17F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2203295211.00000000017F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17F0000
|
| Size: |
20480
|
|
|
DCD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2174623880.0000000000DCD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DCD000
|
| Size: |
4096
|
|
|
17ADE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213228623.0000000017ADE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
17ADE000
|
| Size: |
8192
|
|
|
164A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2202722628.000000000164A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
164A000
|
| Size: |
217088
|
|
|
D90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116790299.0000000000D90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D90000
|
| Size: |
4096
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1982025429.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
3370000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156362582.0000000003370000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3370000
|
| Size: |
8192
|
|
|
B3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2160733200.0000000000B3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3C000
|
| Size: |
16384
|
|
|
2DD9000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2129875421.0000000002DD9000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2DD9000
|
| Size: |
28672
|
|
|
BB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2160890096.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BB0000
|
| Size: |
8192
|
|
|
44F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236323368.00000000044F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
44F8000
|
| Size: |
65536
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160914309.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
2EB2000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2143319417.0000000002EB2000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2EB2000
|
| Size: |
86016
|
|
|
18365000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213676807.0000000018365000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18365000
|
| Size: |
307200
|
|
|
4828000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221879273.0000000004828000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4828000
|
| Size: |
98304
|
|
|
DA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156467852.0000000000DA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DA1000
|
| Size: |
36864
|
|
|
3640000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2168610950.0000000003640000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
3640000
|
| Size: |
4096
|
|
|
3A5B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210177942.0000000003A5B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A5B000
|
| Size: |
28672
|
|
|
4884000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237091508.0000000004884000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4884000
|
| Size: |
12288
|
|
|
8120000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238085620.0000000008120000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8120000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2167695412.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4509000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208306950.0000000004509000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4509000
|
| Size: |
12288
|
|
|
4876000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223991959.0000000004876000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4876000
|
| Size: |
40960
|
|
|
4BE2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004BE2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BE2000
|
| Size: |
8192
|
|
|
1721D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146660888.000000001721D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1721D000
|
| Size: |
12288
|
|
|
451E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2212110523.000000000451E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
451E000
|
| Size: |
4096
|
|
|
4874000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223926785.0000000004874000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4874000
|
| Size: |
49152
|
|
|
EF9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157329810.0000000000EF9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EF9000
|
| Size: |
12288
|
|
|
4509000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2206097835.0000000004509000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4509000
|
| Size: |
12288
|
|
|
252E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151229101.000000000252E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
252E000
|
| Size: |
8192
|
|
|
D7F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165869956.0000000000D7F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D7F000
|
| Size: |
98304
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
16A7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153892532.0000000016A7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16A7D000
|
| Size: |
12288
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2169993352.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2203310473.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
24576
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178460211.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
3FF7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695263860.0000000003FF7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FF7000
|
| Size: |
4096
|
|
|
15EB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2210677595.0000000015EB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15EB4000
|
| Size: |
20480
|
|
|
6CB8F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2154274568.000000006CB8F000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
6CB8F000
|
| Size: |
4096
|
|
|
AD50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000AD50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AD50000
|
| Size: |
192512
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980643059.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4855000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004855000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4855000
|
| Size: |
4096
|
|
|
38AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233304300.00000000038AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
38AE000
|
| Size: |
81920
|
|
|
8F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3231695448.00000000008F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8F7000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
DA8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156563372.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DA8000
|
| Size: |
8192
|
|
|
447E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236185104.000000000447E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
447E000
|
| Size: |
8192
|
|
|
3997000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.0000000003997000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3997000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1981817649.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4863000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222947322.0000000004863000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4863000
|
| Size: |
118784
|
|
|
4BD9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004BD9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BD9000
|
| Size: |
20480
|
|
|
D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2160932794.0000000000D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D5E000
|
| Size: |
8192
|
|
|
3E47000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234458323.0000000003E47000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3E47000
|
| Size: |
8192
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159036706.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
5000000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.0000000005000000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5000000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
114F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155694473.000000000114F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
114F000
|
| Size: |
28672
|
|
|
11A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2108848878.00000000011A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11A4000
|
| Size: |
49152
|
|
|
14800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2152631847.0000000014800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14800000
|
| Size: |
5840896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
1603E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2211091709.000000001603E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1603E000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2167419309.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
3A5B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.0000000003A5B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A5B000
|
| Size: |
61440
|
|
|
15C60000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2162152128.0000000015C60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C60000
|
| Size: |
1933312
|
|
|
DC1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165760918.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC1000
|
| Size: |
24576
|
|
|
3640000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2168565561.0000000003640000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
3640000
|
| Size: |
4096
|
|
|
4517000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205697975.0000000004517000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4517000
|
| Size: |
16384
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2147170848.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
16A17000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2211693755.0000000016A17000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16A17000
|
| Size: |
135168
|
|
|
16B3D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212094137.0000000016B3D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16B3D000
|
| Size: |
12288
|
|
|
35E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2203617638.00000000035E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
35E0000
|
| Size: |
4096
|
|
|
16FAE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146593501.0000000016FAE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
16FAE000
|
| Size: |
8192
|
|
|
B014000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000B014000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B014000
|
| Size: |
12288
|
|
|
3E50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234596376.0000000003E50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E50000
|
| Size: |
8192
|
|
|
D70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2160965350.0000000000D70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D70000
|
| Size: |
16384
|
|
|
E27000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2209570879.0000000000E27000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E27000
|
| Size: |
98304
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
115B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155836648.000000000115B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
115B000
|
| Size: |
8192
|
|
|
3FF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695263860.0000000003FF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FF1000
|
| Size: |
20480
|
|
|
4030000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.0000000004030000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4030000
|
| Size: |
8192
|
|
|
48E0000
|
trusted library allocation
|
page execute
|
|
|
|
| Name: |
00000008.00000002.3237583734.00000000048E0000.00000010.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute
|
| Base address: |
48E0000
|
| Size: |
4096
|
|
|
4BE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004BE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BE6000
|
| Size: |
12288
|
|
|
4899000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224572991.0000000004899000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4899000
|
| Size: |
28672
|
|
|
DCC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165760918.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DCC000
|
| Size: |
4096
|
|
|
4514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2203226529.0000000004514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4514000
|
| Size: |
12288
|
|
|
4826000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236837419.0000000004826000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4826000
|
| Size: |
4096
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208486914.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2170400399.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2178539749.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161966765.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4511000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2212221132.0000000004511000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4511000
|
| Size: |
53248
|
|
|
1350000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2202232181.0000000001350000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1350000
|
| Size: |
4096
|
|
|
4832000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222255661.0000000004832000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4832000
|
| Size: |
57344
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2109081308.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
450E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204171460.000000000450E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450E000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177791878.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
4833000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004833000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4833000
|
| Size: |
184320
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1982065694.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
183B1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213676807.00000000183B1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
183B1000
|
| Size: |
49152
|
|
|
4498000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221184233.0000000004498000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4498000
|
| Size: |
32768
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1979952941.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
4825000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221785328.0000000004825000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4825000
|
| Size: |
110592
|
|
|
ADA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000ADA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
ADA2000
|
| Size: |
139264
|
|
|
3FF7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.0000000003FF7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FF7000
|
| Size: |
4096
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159508292.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175510269.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
3060000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156298160.0000000003060000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3060000
|
| Size: |
4096
|
|
|
FF8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116903983.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FF8000
|
| Size: |
36864
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1981991792.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
361E000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2203617638.000000000361E000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
361E000
|
| Size: |
8192
|
|
|
2E21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1979861838.0000000002E21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E21000
|
| Size: |
241664
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980766847.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2206097835.0000000004516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4516000
|
| Size: |
24576
|
|
|
2F20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1979750580.0000000002F20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F20000
|
| Size: |
176128
|
|
|
4820000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221375415.0000000004820000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4820000
|
| Size: |
131072
|
|
|
4516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205268553.0000000004516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4516000
|
| Size: |
20480
|
|
|
3FE7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235490200.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FE7000
|
| Size: |
4096
|
|
|
285D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.2117069525.000000000285D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
285D000
|
| Size: |
4096
|
|
|
2FCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2114617975.0000000002FCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FCF000
|
| Size: |
4096
|
|
|
B80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2160812389.0000000000B80000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B80000
|
| Size: |
4096
|
|
|
26A5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2151363790.00000000026A5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
26A5000
|
| Size: |
20480
|
|
|
413B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236077727.000000000413B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
413B000
|
| Size: |
20480
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1981833419.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4636000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236603507.0000000004636000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4636000
|
| Size: |
16384
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2166564412.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
1120000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155694473.0000000001120000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1120000
|
| Size: |
36864
|
|
|
482B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221912631.000000000482B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
482B000
|
| Size: |
86016
|
|
|
3D34000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234281377.0000000003D34000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D34000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2147201627.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
1727B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119778245.000000001727B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1727B000
|
| Size: |
118784
|
|
|
450A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204013100.000000000450A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450A000
|
| Size: |
12288
|
|
|
3290000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156332561.0000000003290000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3290000
|
| Size: |
4096
|
|
|
2800000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.2117069525.0000000002800000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2800000
|
| Size: |
16384
|
|
|
4829000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236860964.0000000004829000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4829000
|
| Size: |
8192
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160798854.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
DD1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2174482349.0000000000DD1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DD1000
|
| Size: |
290816
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4869000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223273049.0000000004869000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4869000
|
| Size: |
94208
|
|
|
7FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2212435064.0000000007FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB0000
|
| Size: |
65536
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2166904590.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
453A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2211906918.000000000453A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
453A000
|
| Size: |
20480
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175193544.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
7FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2212402346.0000000007FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC0000
|
| Size: |
4096
|
|
|
1653D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2211240409.000000001653D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1653D000
|
| Size: |
12288
|
|
|
486F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223622249.000000000486F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
486F000
|
| Size: |
69632
|
|
|
169ED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153838036.00000000169ED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
169ED000
|
| Size: |
12288
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2158927209.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
4516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2206436631.0000000004516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4516000
|
| Size: |
24576
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2167382971.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
1169000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155864553.0000000001169000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1169000
|
| Size: |
81920
|
|
|
40AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235994008.00000000040AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40AE000
|
| Size: |
8192
|
|
|
869B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2209535290.000000000869B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
869B000
|
| Size: |
20480
|
|
|
9E30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694931023.0000000009E30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9E30000
|
| Size: |
8192
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980145462.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
4839000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222503199.0000000004839000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4839000
|
| Size: |
28672
|
|
|
DDA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2165566366.0000000000DDA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DDA000
|
| Size: |
12288
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161409209.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1982474788.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4535000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2212071611.0000000004535000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4535000
|
| Size: |
20480
|
|
|
4835000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236886518.0000000004835000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4835000
|
| Size: |
4096
|
|
|
6CB40000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.2156674623.000000006CB40000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6CB40000
|
| Size: |
4096
|
|
|
B1A4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000B1A4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B1A4000
|
| Size: |
12288
|
|
|
4516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208306950.0000000004516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4516000
|
| Size: |
24576
|
|
|
400A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695642117.000000000400A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
400A000
|
| Size: |
4096
|
|
|
6CB8F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2156886187.000000006CB8F000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
6CB8F000
|
| Size: |
4096
|
|
|
16860000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146246470.0000000016860000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16860000
|
| Size: |
790528
|
|
|
D95000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156845566.0000000000D95000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D95000
|
| Size: |
4096
|
|
|
4875000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223958331.0000000004875000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4875000
|
| Size: |
45056
|
|
|
7FC5A000
|
trusted library allocation
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3239037060.000000007FC5A000.00000020.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute read
|
| Base address: |
7FC5A000
|
| Size: |
4096
|
|
|
3684000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2203617638.0000000003684000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3684000
|
| Size: |
782336
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2168206927.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
15C60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2145831740.0000000015C60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
15C60000
|
| Size: |
6164480
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160526410.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
3A27000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.0000000003A27000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A27000
|
| Size: |
32768
|
|
|
488B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237139074.000000000488B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
488B000
|
| Size: |
4096
|
|
|
3FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FA0000
|
| Size: |
16384
|
|
|
3F62000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003F62000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F62000
|
| Size: |
20480
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1982251060.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224411790.0000000004890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4890000
|
| Size: |
65536
|
|
|
488D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237162147.000000000488D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
488D000
|
| Size: |
4096
|
|
|
400A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695263860.000000000400A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
400A000
|
| Size: |
4096
|
|
|
3FFD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695263860.0000000003FFD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FFD000
|
| Size: |
32768
|
|
|
3640000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2168636961.0000000003640000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
3640000
|
| Size: |
4096
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159199662.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
18290000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213676807.0000000018290000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18290000
|
| Size: |
212992
|
|
|
7B8C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237742344.0000000007B8C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7B8C000
|
| Size: |
16384
|
|
|
2DD6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2129875421.0000000002DD6000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2DD6000
|
| Size: |
8192
|
|
|
114B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155694473.000000000114B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
114B000
|
| Size: |
12288
|
|
|
3995000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.0000000003995000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3995000
|
| Size: |
8192
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159004552.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
4028000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.0000000004028000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4028000
|
| Size: |
4096
|
|
|
17FFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213537475.0000000017FFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17FFF000
|
| Size: |
4096
|
|
|
4BDF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004BDF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BDF000
|
| Size: |
4096
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160341462.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2108570939.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175030990.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980988129.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4648000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236603507.0000000004648000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4648000
|
| Size: |
32768
|
|
|
256E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151250106.000000000256E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
256E000
|
| Size: |
8192
|
|
|
8037000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238035751.0000000008037000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8037000
|
| Size: |
12288
|
|
|
3A47000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210255465.0000000003A47000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A47000
|
| Size: |
32768
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2167188111.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
C8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116708210.0000000000C8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C8E000
|
| Size: |
8192
|
|
|
18ACD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2214548083.0000000018ACD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
18ACD000
|
| Size: |
12288
|
|
|
1785E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213001289.000000001785E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1785E000
|
| Size: |
8192
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2168280128.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
53CB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.00000000053CB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53CB000
|
| Size: |
8192
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161465257.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
450B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204171460.000000000450B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450B000
|
| Size: |
8192
|
|
|
16FED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146621254.0000000016FED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16FED000
|
| Size: |
12288
|
|
|
7EF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237851123.0000000007EF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EF0000
|
| Size: |
4096
|
|
|
1780000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2203215694.0000000001780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1780000
|
| Size: |
4096
|
|
|
A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2900210098.0000000000A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A20000
|
| Size: |
4096
|
|
|
7C8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237770553.0000000007C8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C8F000
|
| Size: |
4096
|
|
|
4BDE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151603647.0000000004BDE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BDE000
|
| Size: |
4096
|
|
|
115A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2108947597.000000000115A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
115A000
|
| Size: |
12288
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980552518.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
7CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2150855662.00000000007CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7CC000
|
| Size: |
16384
|
|
|
450B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204338253.000000000450B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450B000
|
| Size: |
8192
|
|
|
14DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2202381025.00000000014DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14DE000
|
| Size: |
8192
|
|
|
169AE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2153817402.00000000169AE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
169AE000
|
| Size: |
8192
|
|
|
487C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224124469.000000000487C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
487C000
|
| Size: |
16384
|
|
|
3FEA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695263860.0000000003FEA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FEA000
|
| Size: |
24576
|
|
|
27C2000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.2117069525.00000000027C2000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
27C2000
|
| Size: |
86016
|
|
|
3FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FC0000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2169912950.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176334946.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
11A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2108962887.00000000011A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11A4000
|
| Size: |
49152
|
|
|
25FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151286190.00000000025FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
25FB000
|
| Size: |
20480
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176715520.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
DB6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116805122.0000000000DB6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB6000
|
| Size: |
12288
|
|
|
488F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224374515.000000000488F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
488F000
|
| Size: |
69632
|
|
|
4516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2204815778.0000000004516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4516000
|
| Size: |
20480
|
|
|
4516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2207215115.0000000004516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4516000
|
| Size: |
24576
|
|
|
362B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2203617638.000000000362B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
362B000
|
| Size: |
8192
|
|
|
870000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2150874464.0000000000870000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
870000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1982308504.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
1686E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2119529478.000000001686E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1686E000
|
| Size: |
8192
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2205578638.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
4096
|
|
|
7DC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116597764.00000000007DC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7DC000
|
| Size: |
16384
|
|
|
E10000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116868575.0000000000E10000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
E10000
|
| Size: |
16384
|
|
|
5B87000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2204570163.0000000005B87000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B87000
|
| Size: |
1236992
|
|
|
48C8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.00000000048C8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48C8000
|
| Size: |
8192
|
|
|
3D44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234281377.0000000003D44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D44000
|
| Size: |
12288
|
|
|
4892000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224449278.0000000004892000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4892000
|
| Size: |
57344
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2167456671.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160867993.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177234499.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
7FC50000
|
trusted library allocation
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3238819831.000000007FC50000.00000020.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute read
|
| Base address: |
7FC50000
|
| Size: |
4096
|
|
|
400A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235719493.000000000400A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
400A000
|
| Size: |
4096
|
|
|
EFA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2161134006.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EFA000
|
| Size: |
151552
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1981937816.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
4860000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222809639.0000000004860000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4860000
|
| Size: |
131072
|
|
|
4834000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222345583.0000000004834000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4834000
|
| Size: |
49152
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2120382696.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
39EC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.00000000039EC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39EC000
|
| Size: |
16384
|
|
|
A70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2114463789.0000000000A70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A70000
|
| Size: |
20480
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2154825142.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
3A3D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.0000000003A3D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A3D000
|
| Size: |
20480
|
|
|
4495000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2221077529.0000000004495000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4495000
|
| Size: |
45056
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2158577995.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2203468433.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
24576
|
|
|
11A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155932710.00000000011A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11A4000
|
| Size: |
49152
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175441442.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
D95000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156915819.0000000000D95000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D95000
|
| Size: |
4096
|
|
|
18890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2214334666.0000000018890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18890000
|
| Size: |
114688
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160236773.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
237568
|
|
|
AF63000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000AF63000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AF63000
|
| Size: |
532480
|
|
|
F20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116903983.0000000000F20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F20000
|
| Size: |
36864
|
|
|
188C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2214334666.00000000188C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
188C0000
|
| Size: |
339968
|
|
|
39EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.00000000039EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39EA000
|
| Size: |
4096
|
|
|
B15C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000B15C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B15C000
|
| Size: |
290816
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980008698.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
15E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2129658396.00000000015E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15E0000
|
| Size: |
16384
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176025271.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
171FE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2154094010.00000000171FE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
171FE000
|
| Size: |
8192
|
|
|
1739A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212398767.000000001739A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1739A000
|
| Size: |
24576
|
|
|
4833000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222289119.0000000004833000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4833000
|
| Size: |
53248
|
|
|
B030000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000B030000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B030000
|
| Size: |
45056
|
|
|
3A28000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210141425.0000000003A28000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A28000
|
| Size: |
20480
|
|
|
3A3D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2209679271.0000000003A3D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A3D000
|
| Size: |
20480
|
|
|
578D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2204470380.000000000578D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
578D000
|
| Size: |
12288
|
|
|
4A8A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004A8A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A8A000
|
| Size: |
4096
|
|
|
1888D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2214173153.000000001888D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1888D000
|
| Size: |
12288
|
|
|
1717E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212266093.000000001717E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1717E000
|
| Size: |
8192
|
|
|
AAB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2114479237.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AAB000
|
| Size: |
36864
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2176074666.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177687481.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
483C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222611702.000000000483C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
483C000
|
| Size: |
16384
|
|
|
3F84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003F84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F84000
|
| Size: |
24576
|
|
|
6CB8F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2120074484.000000006CB8F000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
6CB8F000
|
| Size: |
4096
|
|
|
86E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238159187.00000000086E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
86E8000
|
| Size: |
4096
|
|
|
15DDD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2210500542.0000000015DDD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15DDD000
|
| Size: |
12288
|
|
|
4028000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695263860.0000000004028000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4028000
|
| Size: |
4096
|
|
|
DA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156563372.0000000000DA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DA0000
|
| Size: |
4096
|
|
|
2701000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2151363790.0000000002701000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2701000
|
| Size: |
184320
|
|
|
4865000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2223062540.0000000004865000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4865000
|
| Size: |
110592
|
|
|
15CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2129597487.00000000015CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15CC000
|
| Size: |
16384
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1981917432.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
E7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2161040889.0000000000E7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E7F000
|
| Size: |
4096
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980788310.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
7FA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237985466.0000000007FA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7FA0000
|
| Size: |
4096
|
|
|
4634000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3236603507.0000000004634000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4634000
|
| Size: |
4096
|
|
|
2EF0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2143319417.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2EF0000
|
| Size: |
16384
|
|
|
48CA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3237479573.00000000048CA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48CA000
|
| Size: |
28672
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2158827761.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
6F571000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000A.00000002.2214877649.000000006F571000.00000020.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
6F571000
|
| Size: |
233472
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2177418021.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
1743D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2154150310.000000001743D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1743D000
|
| Size: |
12288
|
|
|
3A2D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2209679271.0000000003A2D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A2D000
|
| Size: |
8192
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160948766.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175800211.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
E18000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2174447311.0000000000E18000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E18000
|
| Size: |
94208
|
|
|
172A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212398767.00000000172A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
172A0000
|
| Size: |
1019904
|
|
|
15E30000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2210636597.0000000015E30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15E30000
|
| Size: |
4096
|
|
|
173E2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212645062.00000000173E2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
173E2000
|
| Size: |
16384
|
|
|
8180000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3238109932.0000000008180000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8180000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2169571616.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
A10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2900246204.0000000000A10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A10000
|
| Size: |
65536
|
|
|
4509000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2206436631.0000000004509000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4509000
|
| Size: |
12288
|
|
|
4837000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2222435161.0000000004837000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4837000
|
| Size: |
36864
|
|
|
EC9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151017908.0000000000EC9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EC9000
|
| Size: |
24576
|
|
|
39B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.00000000039B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39B7000
|
| Size: |
114688
|
|
|
3870000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233304300.0000000003870000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3870000
|
| Size: |
221184
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F90000
|
| Size: |
8192
|
|
|
1158000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2108928034.0000000001158000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1158000
|
| Size: |
20480
|
|
|
1004000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116903983.0000000001004000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1004000
|
| Size: |
110592
|
|
|
179ED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2146822248.00000000179ED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
179ED000
|
| Size: |
12288
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1982044369.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
D8D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156992492.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D8D000
|
| Size: |
16384
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980424368.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
140F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2128759971.000000000140F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
140F000
|
| Size: |
536576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
77C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2150831704.000000000077C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
77C000
|
| Size: |
16384
|
|
|
3846000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233206508.0000000003846000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3846000
|
| Size: |
40960
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2164574475.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
F20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2161134006.0000000000F20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F20000
|
| Size: |
4096
|
|
|
4BAF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2117289646.0000000004BAF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BAF000
|
| Size: |
4096
|
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1982293304.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA5000
|
| Size: |
4096
|
|
|
2649000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2151305434.0000000002649000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2649000
|
| Size: |
28672
|
|
|
7FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2212262532.0000000007FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC0000
|
| Size: |
4096
|
|
|
2FDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232732394.0000000002FDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FDF000
|
| Size: |
4096
|
|
|
450D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2206436631.000000000450D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450D000
|
| Size: |
8192
|
|
|
F5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157375563.0000000000F5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F5E000
|
| Size: |
8192
|
|
|
17C1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2213301397.0000000017C1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17C1F000
|
| Size: |
4096
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2175362709.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
4096
|
|
|
F6F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116903983.0000000000F6F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F6F000
|
| Size: |
544768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
11B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2108818779.00000000011B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11B0000
|
| Size: |
77824
|
|
|
6CB7A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2154250885.000000006CB7A000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6CB7A000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
18690000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2214063140.0000000018690000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18690000
|
| Size: |
1048576
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1980091321.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
10FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.2155670143.00000000010FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10FE000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2154938319.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
DC3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2174482349.0000000000DC3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC3000
|
| Size: |
16384
|
|
|
2E21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2154963134.0000000002E21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E21000
|
| Size: |
4096
|
|
|
DC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3232061437.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC0000
|
| Size: |
417792
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
3FB8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003FB8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB8000
|
| Size: |
8192
|
|
|
ADCB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000ADCB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
ADCB000
|
| Size: |
1572864
|
|
|
B02A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2206256867.000000000B02A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B02A000
|
| Size: |
12288
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2154461801.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
D6C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.2116774395.0000000000D6C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D6C000
|
| Size: |
16384
|
|
|
11B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1981619043.00000000011B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11B5000
|
| Size: |
122880
|
|
|
3FCA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3234751769.0000000003FCA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FCA000
|
| Size: |
4096
|
|
|
39B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2208677698.00000000039B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39B7000
|
| Size: |
114688
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2160427051.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
4008000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3235719493.0000000004008000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4008000
|
| Size: |
4096
|
|
|
53CE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2144382871.00000000053CE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53CE000
|
| Size: |
4096
|
|
|
4879000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2224097567.0000000004879000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4879000
|
| Size: |
28672
|
|
|
D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2159222412.0000000000D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D74000
|
| Size: |
4096
|
|
|
3FDA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2694952507.0000000003FDA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FDA000
|
| Size: |
4096
|
|
|
39D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233396326.00000000039D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39D8000
|
| Size: |
12288
|
|
|
16C3D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2212142960.0000000016C3D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
16C3D000
|
| Size: |
12288
|
|
|
4034000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695642117.0000000004034000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4034000
|
| Size: |
4096
|
|
|
2BD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2161489341.0000000002BD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BD0000
|
| Size: |
4096
|
|
|
4028000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2695642117.0000000004028000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4028000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.2154504144.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1982168286.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
8192
|
|
|
9FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2150959462.00000000009FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9FE000
|
| Size: |
8192
|
|
|
14B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2128759971.00000000014B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14B8000
|
| Size: |
28672
|
|
|
3867000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3233238964.0000000003867000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3867000
|
| Size: |
32768
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2161682200.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
FEC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2202047235.0000000000FEC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FEC000
|
| Size: |
16384
|
|
|
6CB90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2154294526.000000006CB90000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6CB90000
|
| Size: |
122880
|
|
|
26B4000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2151363790.00000000026B4000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
26B4000
|
| Size: |
12288
|
|
|
177E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2203186770.000000000177E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
177E000
|
| Size: |
8192
|
|
