|
48B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3708673624.00000000048B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B3000
|
| Size: |
688128
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752871155.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1764905724.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
2360000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1791040074.0000000002360000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2360000
|
| Size: |
8192
|
|
|
19BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203946267.00000000019BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19BE000
|
| Size: |
8192
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000025.00000000.3734025466.0000000000891000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
891000
|
| Size: |
585728
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1778797344.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1844964583.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
4427000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3686651691.0000000004427000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4427000
|
| Size: |
303104
|
|
|
518F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807331188.000000000518F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
518F000
|
| Size: |
4096
|
|
|
604000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1858519387.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
604000
|
| Size: |
4096
|
|
|
1C84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3690059570.0000000001C84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C84000
|
| Size: |
520192
|
|
|
1A80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3688534850.0000000001A80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A80000
|
| Size: |
1318912
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1783342236.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
DCD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4202983776.0000000000DCD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DCD000
|
| Size: |
12288
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1755773309.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
1000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4203572227.0000000001000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1000000
|
| Size: |
106496
|
|
|
27BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1757174958.00000000027BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BE000
|
| Size: |
110592
|
|
|
890000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000000.1817378042.0000000000890000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
890000
|
| Size: |
4096
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1858610258.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
27B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1768838279.00000000027B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B2000
|
| Size: |
16384
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752871155.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1855163273.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873794943.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
6B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000000.1850594095.00000000006B0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6B0000
|
| Size: |
147456
|
|
|
497E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3712145163.000000000497E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
497E000
|
| Size: |
737280
|
|
|
4953000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3701875281.0000000004953000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4953000
|
| Size: |
614400
|
|
|
30F9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1812244742.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30F9000
|
| Size: |
73728
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1826855554.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1780782373.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
3C4A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205539605.0000000003C4A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4A000
|
| Size: |
36864
|
|
|
27B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1778865465.00000000027B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B4000
|
| Size: |
147456
|
|
|
6E8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000000.1850685413.00000000006E8000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6E8000
|
| Size: |
143360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
DBEB0FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854080638.000000DBEB0FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBEB0FF000
|
| Size: |
4096
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1754580372.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
2DB24428000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1851773167.000002DB24428000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24428000
|
| Size: |
16384
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1844384205.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
1400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000025.00000002.4203013330.0000000001400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1400000
|
| Size: |
1662976
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
19B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3689662173.00000000019B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
19B1000
|
| Size: |
491520
|
|
|
17FD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203516927.00000000017FD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17FD000
|
| Size: |
12288
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845069685.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
4947000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3691318956.0000000004947000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4947000
|
| Size: |
536576
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874294331.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
4965000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3709248984.0000000004965000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4965000
|
| Size: |
692224
|
|
|
3AED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205230453.0000000003AED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3AED000
|
| Size: |
8192
|
|
|
33AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1791596004.00000000033AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33AC000
|
| Size: |
16384
|
|
|
495B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3699582650.000000000495B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
495B000
|
| Size: |
598016
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1831232304.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
945000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000025.00000000.3734086151.0000000000945000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
945000
|
| Size: |
40960
|
|
|
E8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1806928953.0000000000E8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E8E000
|
| Size: |
8192
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1774034627.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1858796770.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
32D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204484770.00000000032D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32D4000
|
| Size: |
8192
|
|
|
494B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3691171428.000000000494B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
494B000
|
| Size: |
532480
|
|
|
DBEA9FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1853917891.000000DBEA9FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBEA9FE000
|
| Size: |
8192
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873552377.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1827396605.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1858702472.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
1806000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203516927.0000000001806000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1806000
|
| Size: |
4096
|
|
|
494D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3691947026.000000000494D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
494D000
|
| Size: |
552960
|
|
|
48B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3707261308.00000000048B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B0000
|
| Size: |
663552
|
|
|
43CD000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3685387956.00000000043CD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
43CD000
|
| Size: |
434176
|
|
|
621000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000010.00000002.4202664877.0000000000621000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
621000
|
| Size: |
585728
|
|
|
48BF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3709674558.00000000048BF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48BF000
|
| Size: |
700416
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1764905724.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1765651797.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1776810688.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
30F9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813738213.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30F9000
|
| Size: |
73728
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1781458968.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
5D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1786273260.00000000005D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D7000
|
| Size: |
4096
|
|
|
3F6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1961800892.0000000003F6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F6E000
|
| Size: |
8192
|
|
|
48B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3692981579.00000000048B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B3000
|
| Size: |
565248
|
|
|
496B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3706490962.000000000496B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
496B000
|
| Size: |
647168
|
|
|
3440000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4204384257.0000000003440000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3440000
|
| Size: |
4096
|
|
|
48B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3709125185.00000000048B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B0000
|
| Size: |
692224
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1767367707.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845582851.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1758743176.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
27BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1754054360.00000000027BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BB000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1784280135.00000000005D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D7000
|
| Size: |
4096
|
|
|
27C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1751422943.00000000027C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27C0000
|
| Size: |
16384
|
|
|
4946000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3692169365.0000000004946000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4946000
|
| Size: |
557056
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1750563567.0000000000408000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
12288
|
|
|
ECF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1851110698.0000000000ECF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ECF000
|
| Size: |
4096
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1822737053.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
658000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1961761956.0000000000658000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
658000
|
| Size: |
45056
|
|
|
19B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3689193407.00000000019B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
19B1000
|
| Size: |
1421312
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.1750531291.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
30C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813573231.00000000030C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30C8000
|
| Size: |
69632
|
|
|
48B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3693204439.00000000048B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B9000
|
| Size: |
573440
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1854741612.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
65536
|
|
|
443B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3687278331.000000000443B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
443B000
|
| Size: |
1044480
|
|
|
494D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3690698040.000000000494D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
494D000
|
| Size: |
528384
|
|
|
34AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1791619204.00000000034AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34AC000
|
| Size: |
16384
|
|
|
19B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3687809173.00000000019B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
19B1000
|
| Size: |
385024
|
|
|
15DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203311023.00000000015DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15DE000
|
| Size: |
8192
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1859374549.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
21DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790821481.00000000021DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
21DE000
|
| Size: |
8192
|
|
|
920000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000025.00000000.3734086151.0000000000920000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
920000
|
| Size: |
147456
|
|
|
94F000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000025.00000000.3734139044.000000000094F000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
94F000
|
| Size: |
8192
|
|
|
51A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4202418146.000000000051A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51A000
|
| Size: |
24576
|
|
|
2FDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1806960729.0000000002FDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FDE000
|
| Size: |
8192
|
|
|
3AF5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1820874444.0000000003AF5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3AF5000
|
| Size: |
5246976
|
|
|
621000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000010.00000000.1850532714.0000000000621000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
621000
|
| Size: |
585728
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752430398.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
8192
|
|
|
2DB24416000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1850901738.000002DB24416000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24416000
|
| Size: |
102400
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1776285804.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
DBEACFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1853979299.000000DBEACFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBEACFF000
|
| Size: |
4096
|
|
|
D06000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1812883154.0000000000D06000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D06000
|
| Size: |
8192
|
|
|
27BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1764185175.00000000027BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BB000
|
| Size: |
45056
|
|
|
554E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4204421922.000000000554E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
554E000
|
| Size: |
8192
|
|
|
580000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4202467100.0000000000580000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
580000
|
| Size: |
4096
|
|
|
500000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1789991394.0000000000500000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
500000
|
| Size: |
4096
|
|
|
27BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1776320412.00000000027BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BE000
|
| Size: |
12288
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1785473999.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1768658973.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
118E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204089826.000000000118E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
118E000
|
| Size: |
335872
|
|
|
4961000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3707341597.0000000004961000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
667648
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1777946078.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
48BD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3693382977.00000000048BD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48BD000
|
| Size: |
577536
|
|
|
620000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000000.1850513939.0000000000620000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
620000
|
| Size: |
4096
|
|
|
4943000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3694218452.0000000004943000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4943000
|
| Size: |
581632
|
|
|
380A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204619868.000000000380A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
380A000
|
| Size: |
937984
|
|
|
1B89000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3689885519.0000000001B89000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B89000
|
| Size: |
1548288
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1858887389.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
4A0F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3705080586.0000000004A0F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A0F000
|
| Size: |
630784
|
|
|
1A8C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3688989885.0000000001A8C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A8C000
|
| Size: |
1409024
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845929689.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1756395865.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
2190000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790787912.0000000002190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2190000
|
| Size: |
16384
|
|
|
1122000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4203910223.0000000001122000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1122000
|
| Size: |
49152
|
|
|
50CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807265989.00000000050CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50CE000
|
| Size: |
8192
|
|
|
496D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3707860742.000000000496D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
496D000
|
| Size: |
679936
|
|
|
495B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3698985079.000000000495B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
495B000
|
| Size: |
593920
|
|
|
1625000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203391817.0000000001625000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1625000
|
| Size: |
12288
|
|
|
4956000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3700662827.0000000004956000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4956000
|
| Size: |
606208
|
|
|
27BC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1765697645.00000000027BC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BC000
|
| Size: |
24576
|
|
|
3ACE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205202920.0000000003ACE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3ACE000
|
| Size: |
36864
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1821877843.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
65536
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1826755837.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1785473999.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
48B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3707960488.00000000048B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B7000
|
| Size: |
679936
|
|
|
19B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3687868082.00000000019B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
19B1000
|
| Size: |
1191936
|
|
|
30E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813702385.00000000030E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30E2000
|
| Size: |
90112
|
|
|
27AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1791070812.00000000027AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
27AF000
|
| Size: |
4096
|
|
|
48B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3691877399.00000000048B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B7000
|
| Size: |
548864
|
|
|
333E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807093937.000000000333E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
333E000
|
| Size: |
8192
|
|
|
2DB24380000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854172587.000002DB24380000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24380000
|
| Size: |
8192
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873585519.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
3265000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4204020665.0000000003265000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3265000
|
| Size: |
729088
|
|
|
27BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1758371378.00000000027BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BB000
|
| Size: |
28672
|
|
|
4E20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813831873.0000000004E20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E20000
|
| Size: |
4096
|
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1961744223.00000000005F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
4096
|
|
|
48B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3702570440.00000000048B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B6000
|
| Size: |
618496
|
|
|
37F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204565054.00000000037F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
37F0000
|
| Size: |
102400
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1859489880.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
2230000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790924022.0000000002230000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2230000
|
| Size: |
4096
|
|
|
43C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3685251820.00000000043C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
43C7000
|
| Size: |
389120
|
|
|
497D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3712790736.000000000497D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
497D000
|
| Size: |
749568
|
|
|
11FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204227791.00000000011FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11FC000
|
| Size: |
151552
|
|
|
1829000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203516927.0000000001829000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1829000
|
| Size: |
4096
|
|
|
48BB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3711450746.00000000048BB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48BB000
|
| Size: |
729088
|
|
|
161D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203348493.000000000161D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
161D000
|
| Size: |
12288
|
|
|
4962000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3706270590.0000000004962000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4962000
|
| Size: |
643072
|
|
|
4954000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3693798245.0000000004954000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4954000
|
| Size: |
577536
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874524006.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
33E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4204320005.00000000033E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33E0000
|
| Size: |
4096
|
|
|
48B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3709346729.00000000048B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B3000
|
| Size: |
696320
|
|
|
2FF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1806977586.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FF0000
|
| Size: |
16384
|
|
|
32FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807076506.00000000032FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32FE000
|
| Size: |
8192
|
|
|
30DE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1812093742.00000000030DE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30DE000
|
| Size: |
106496
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1777946078.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1755773309.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
5890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000025.00000003.3868303477.0000000005890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5890000
|
| Size: |
4096
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1789389690.0000000000408000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
12288
|
|
|
620000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000002.4202627377.0000000000620000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
620000
|
| Size: |
4096
|
|
|
510000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790027518.0000000000510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
510000
|
| Size: |
4096
|
|
|
DBEAAFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1853950974.000000DBEAAFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBEAAFF000
|
| Size: |
4096
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752430398.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
48BC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3695677201.00000000048BC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48BC000
|
| Size: |
585728
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1829560625.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
3C08000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205464839.0000000003C08000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C08000
|
| Size: |
208896
|
|
|
27BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1786474060.00000000027BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BB000
|
| Size: |
98304
|
|
|
3019000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813363986.0000000003019000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3019000
|
| Size: |
4096
|
|
|
2DB243A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854199308.000002DB243A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB243A0000
|
| Size: |
4096
|
|
|
27B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1762133584.00000000027B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B3000
|
| Size: |
188416
|
|
|
E70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4203195884.0000000000E70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E70000
|
| Size: |
4096
|
|
|
2DB2440C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1851157277.000002DB2440C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB2440C000
|
| Size: |
24576
|
|
|
1A97000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3689319425.0000000001A97000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A97000
|
| Size: |
479232
|
|
|
27B9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1778005914.00000000027B9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B9000
|
| Size: |
45056
|
|
|
C7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1812640342.0000000000C7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C7C000
|
| Size: |
16384
|
|
|
5D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4202519816.00000000005D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D0000
|
| Size: |
8192
|
|
|
495A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3704635421.000000000495A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
495A000
|
| Size: |
626688
|
|
|
19B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3688642580.00000000019B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
19B1000
|
| Size: |
438272
|
|
|
27B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752500200.00000000027B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B7000
|
| Size: |
20480
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1772325835.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
48B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3706390574.00000000048B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B6000
|
| Size: |
643072
|
|
|
27BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1781490412.00000000027BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BB000
|
| Size: |
28672
|
|
|
1827000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000003.3869733556.0000000001827000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1827000
|
| Size: |
4096
|
|
|
514E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807316479.000000000514E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
514E000
|
| Size: |
8192
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873947843.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
27B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1757799480.00000000027B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B3000
|
| Size: |
65536
|
|
|
17F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203516927.00000000017F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17F4000
|
| Size: |
16384
|
|
|
DD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4202923901.0000000000DD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DD0000
|
| Size: |
4096
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1775494523.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
38F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204747916.00000000038F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
38F0000
|
| Size: |
266240
|
|
|
2DB24680000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854639300.000002DB24680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24680000
|
| Size: |
16384
|
|
|
27B6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1763353787.00000000027B6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B6000
|
| Size: |
8192
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874374080.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
4F4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1789960441.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4F4000
|
| Size: |
32768
|
|
|
2FF6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1806977586.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FF6000
|
| Size: |
8192
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1827030250.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
E5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813107982.0000000000E5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E5F000
|
| Size: |
4096
|
|
|
48BB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3713028211.00000000048BB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48BB000
|
| Size: |
749568
|
|
|
310D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813773057.000000000310D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
310D000
|
| Size: |
20480
|
|
|
19B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3688703643.00000000019B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
19B1000
|
| Size: |
1351680
|
|
|
550000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790171460.0000000000550000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
550000
|
| Size: |
4096
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1844326573.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
5ECF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4204562300.0000000005ECF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5ECF000
|
| Size: |
4096
|
|
|
3932000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204803401.0000000003932000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3932000
|
| Size: |
266240
|
|
|
953000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000025.00000002.4202715228.0000000000953000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
953000
|
| Size: |
8192
|
|
|
2DB2442D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854498186.000002DB2442D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB2442D000
|
| Size: |
4096
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873182543.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1862114936.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
5DCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4204527512.0000000005DCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5DCE000
|
| Size: |
8192
|
|
|
309E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813507887.000000000309E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
309E000
|
| Size: |
8192
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1827271977.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
5BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1753483906.00000000005BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BF000
|
| Size: |
4096
|
|
|
4971000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3710573470.0000000004971000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4971000
|
| Size: |
716800
|
|
|
101B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4203617586.000000000101B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
101B000
|
| Size: |
258048
|
|
|
3B74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205364329.0000000003B74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3B74000
|
| Size: |
266240
|
|
|
E90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4203232810.0000000000E90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E90000
|
| Size: |
24576
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1829528435.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
4951000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3703983475.0000000004951000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4951000
|
| Size: |
622592
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1789370790.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
C3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1812604468.0000000000C3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C3C000
|
| Size: |
16384
|
|
|
1B70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3689126749.0000000001B70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B70000
|
| Size: |
475136
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1767992610.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874013008.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
3EF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205634474.0000000003EF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF0000
|
| Size: |
4096
|
|
|
48B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3690782543.00000000048B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B3000
|
| Size: |
532480
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1762019652.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1781970139.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1858990933.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
48B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3703446823.00000000048B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B4000
|
| Size: |
622592
|
|
|
1A9A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3689553021.0000000001A9A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A9A000
|
| Size: |
1478656
|
|
|
442A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3686775480.000000000442A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
442A000
|
| Size: |
946176
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1843368016.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
237568
|
|
|
17B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203459849.00000000017B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17B0000
|
| Size: |
12288
|
|
|
5D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1783342236.00000000005D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D7000
|
| Size: |
4096
|
|
|
3C3F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205464839.0000000003C3F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C3F000
|
| Size: |
8192
|
|
|
33DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4204275418.00000000033DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33DD000
|
| Size: |
12288
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845101909.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
1801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203516927.0000000001801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1801000
|
| Size: |
16384
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1826942652.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
3C7A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205566786.0000000003C7A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C7A000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
336F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1791574810.000000000336F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
336F000
|
| Size: |
4096
|
|
|
2DB2440D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854393419.000002DB2440D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB2440D000
|
| Size: |
20480
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1826106715.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
237568
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1776810688.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
27B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1761251830.00000000027B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B2000
|
| Size: |
57344
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1754016241.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
2DB24416000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1852985004.000002DB24416000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24416000
|
| Size: |
24576
|
|
|
33AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807114631.00000000033AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33AA000
|
| Size: |
65536
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1764150256.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
2DB243F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1851200902.000002DB243F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB243F7000
|
| Size: |
86016
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1757115985.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
48B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3705272034.00000000048B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B7000
|
| Size: |
630784
|
|
|
43D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3685702406.00000000043D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
43D5000
|
| Size: |
503808
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1854937643.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
2DB243DC000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1850901738.000002DB243DC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB243DC000
|
| Size: |
106496
|
|
|
30C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813573231.00000000030C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30C0000
|
| Size: |
28672
|
|
|
2DB243E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854235330.000002DB243E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB243E1000
|
| Size: |
86016
|
|
|
890000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000025.00000000.3733998508.0000000000890000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
890000
|
| Size: |
4096
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845132522.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
48B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3713553455.00000000048B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B4000
|
| Size: |
757760
|
|
|
27BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1753545017.00000000027BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BB000
|
| Size: |
40960
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1779630858.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1774962778.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
D00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1812883154.0000000000D00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D00000
|
| Size: |
16384
|
|
|
1C36000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3688921853.0000000001C36000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C36000
|
| Size: |
466944
|
|
|
48B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3691231912.00000000048B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B6000
|
| Size: |
536576
|
|
|
4397000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3685788975.0000000004397000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4397000
|
| Size: |
790528
|
|
|
5890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000025.00000003.3868229593.0000000005890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5890000
|
| Size: |
4096
|
|
|
2DB243F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854331799.000002DB243F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB243F7000
|
| Size: |
32768
|
|
|
43D3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3685612655.00000000043D3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
43D3000
|
| Size: |
479232
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845254183.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
4961000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3706686696.0000000004961000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
651264
|
|
|
3010000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813363986.0000000003010000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3010000
|
| Size: |
20480
|
|
|
48BA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3700433848.00000000048BA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48BA000
|
| Size: |
602112
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1822222330.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
480000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1961658933.0000000000480000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
480000
|
| Size: |
4096
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1826542681.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845031027.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
87F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790602766.000000000087F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
87F000
|
| Size: |
4096
|
|
|
E50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4203167428.0000000000E50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E50000
|
| Size: |
4096
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1789199348.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873752190.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1766576487.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1859075239.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
48B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3692688720.00000000048B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B1000
|
| Size: |
561152
|
|
|
19B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3687501785.00000000019B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
19B1000
|
| Size: |
1110016
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1829346456.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
495A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3691675264.000000000495A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
495A000
|
| Size: |
544768
|
|
|
33BC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807114631.00000000033BC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33BC000
|
| Size: |
28672
|
|
|
48BE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3710032958.00000000048BE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48BE000
|
| Size: |
704512
|
|
|
27B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752923523.00000000027B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B0000
|
| Size: |
45056
|
|
|
1620000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203391817.0000000001620000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1620000
|
| Size: |
16384
|
|
|
3390000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4204243273.0000000003390000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3390000
|
| Size: |
4096
|
|
|
13FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4202967200.00000000013FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13FB000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1829275786.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
237568
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874871157.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1826306832.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874158837.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1765651797.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000A.00000000.1817420685.0000000000891000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
891000
|
| Size: |
585728
|
|
|
1829000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000003.3869733556.0000000001829000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1829000
|
| Size: |
4096
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845389415.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
48B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3712264625.00000000048B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B3000
|
| Size: |
741376
|
|
|
5D8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4204493412.0000000005D8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D8F000
|
| Size: |
4096
|
|
|
19B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3688280149.00000000019B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
19B1000
|
| Size: |
1261568
|
|
|
48B8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3707730344.00000000048B8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B8000
|
| Size: |
675840
|
|
|
27B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1780427591.00000000027B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B5000
|
| Size: |
188416
|
|
|
1827000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203516927.0000000001827000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1827000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
D5B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4202839337.0000000000D5B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D5B000
|
| Size: |
20480
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1844778875.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1774962778.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
4397000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3687417969.0000000004397000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4397000
|
| Size: |
1069056
|
|
|
EE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1853318152.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EE1000
|
| Size: |
131072
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874777990.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
E98000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4203232810.0000000000E98000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E98000
|
| Size: |
159744
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1826650189.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
27B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1784975968.00000000027B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B4000
|
| Size: |
8192
|
|
|
4397000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3686979978.0000000004397000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4397000
|
| Size: |
331776
|
|
|
1B3C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3688222367.0000000001B3C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B3C000
|
| Size: |
421888
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1859159445.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
43D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3685454634.00000000043D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
454656
|
|
|
2DB2441F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1853420119.000002DB2441F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB2441F000
|
| Size: |
24576
|
|
|
4959000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3697515827.0000000004959000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4959000
|
| Size: |
589824
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873445751.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
233E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790965641.000000000233E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
233E000
|
| Size: |
8192
|
|
|
4A6E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1828150960.0000000004A6E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A6E000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1753483906.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
DBEAFFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854055205.000000DBEAFFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBEAFFF000
|
| Size: |
4096
|
|
|
ED0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1851078087.0000000000ED0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ED0000
|
| Size: |
69632
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1857162158.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
2DB243F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1852985004.000002DB243F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB243F7000
|
| Size: |
86016
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873900744.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
CE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1812698951.0000000000CE0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CE0000
|
| Size: |
4096
|
|
|
5C8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4204460518.0000000005C8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C8E000
|
| Size: |
8192
|
|
|
2DB24427000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1853420119.000002DB24427000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24427000
|
| Size: |
4096
|
|
|
27B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1762834485.00000000027B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B0000
|
| Size: |
102400
|
|
|
2DB24429000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1853420119.000002DB24429000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24429000
|
| Size: |
12288
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1829445017.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1756395865.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
604000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1858557493.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
604000
|
| Size: |
4096
|
|
|
449B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3685954544.000000000449B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
449B000
|
| Size: |
282624
|
|
|
4539000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3686473642.0000000004539000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4539000
|
| Size: |
294912
|
|
|
DBEA8FA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1853886660.000000DBEA8FA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBEA8FA000
|
| Size: |
24576
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873255063.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
6E3000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000010.00000000.1850646686.00000000006E3000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
6E3000
|
| Size: |
8192
|
|
|
4A4A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3712909729.0000000004A4A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A4A000
|
| Size: |
749568
|
|
|
128D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204297313.000000000128D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
128D000
|
| Size: |
8192
|
|
|
604000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873055789.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
604000
|
| Size: |
4096
|
|
|
5EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1961726535.00000000005EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EF000
|
| Size: |
4096
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1777173311.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
12288
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874411475.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790239277.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
495B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3701186537.000000000495B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
495B000
|
| Size: |
610304
|
|
|
958000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000025.00000002.4202785920.0000000000958000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
958000
|
| Size: |
143360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
441F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3686104638.000000000441F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
441F000
|
| Size: |
864256
|
|
|
305F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813474795.000000000305F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
305F000
|
| Size: |
4096
|
|
|
48B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3696665866.00000000048B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B7000
|
| Size: |
585728
|
|
|
49E9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3694979563.00000000049E9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49E9000
|
| Size: |
585728
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845164939.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
30F9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1812093742.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30F9000
|
| Size: |
73728
|
|
|
48B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3692048212.00000000048B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B1000
|
| Size: |
552960
|
|
|
27B6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1779699583.00000000027B6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B6000
|
| Size: |
32768
|
|
|
27B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1759039246.00000000027B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B0000
|
| Size: |
45056
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000025.00000002.4202465079.0000000000891000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
891000
|
| Size: |
585728
|
|
|
2DB24370000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854143217.000002DB24370000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24370000
|
| Size: |
4096
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1789345408.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
953000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000025.00000000.3734139044.0000000000953000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
953000
|
| Size: |
8192
|
|
|
2DB2441C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1851061304.000002DB2441C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB2441C000
|
| Size: |
77824
|
|
|
48B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3711693539.00000000048B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B6000
|
| Size: |
733184
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873683946.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873006267.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
237568
|
|
|
604000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1858476849.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
604000
|
| Size: |
4096
|
|
|
2DB243F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1850901738.000002DB243F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB243F7000
|
| Size: |
110592
|
|
|
2DB243E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1852985004.000002DB243E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB243E1000
|
| Size: |
86016
|
|
|
9BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790744515.00000000009BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9BF000
|
| Size: |
4096
|
|
|
DDC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1806882505.0000000000DDC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DDC000
|
| Size: |
16384
|
|
|
600000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4202569229.0000000000600000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
600000
|
| Size: |
16384
|
|
|
27BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1760721185.00000000027BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BB000
|
| Size: |
24576
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1843708882.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
6D5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000002.4202781597.00000000006D5000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6D5000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
4397000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3686700291.0000000004397000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4397000
|
| Size: |
909312
|
|
|
27BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1766612880.00000000027BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BB000
|
| Size: |
65536
|
|
|
27B1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1760216504.00000000027B1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B1000
|
| Size: |
8192
|
|
|
510F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807299898.000000000510F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
510F000
|
| Size: |
4096
|
|
|
4960000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3707188082.0000000004960000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4960000
|
| Size: |
663552
|
|
|
40B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1789411881.000000000040B000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40B000
|
| Size: |
4096
|
|
|
1B55000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3688804703.0000000001B55000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B55000
|
| Size: |
1388544
|
|
|
4945000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3692773974.0000000004945000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4945000
|
| Size: |
561152
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1784886286.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1855538129.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
19B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3688438667.00000000019B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
19B1000
|
| Size: |
1277952
|
|
|
3BB6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205411735.0000000003BB6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3BB6000
|
| Size: |
331776
|
|
|
920000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000000.1817508928.0000000000920000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
920000
|
| Size: |
147456
|
|
|
2DB243F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1853779046.000002DB243F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB243F7000
|
| Size: |
86016
|
|
|
4961000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3705417863.0000000004961000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
634880
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874102445.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
2F0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813142599.0000000002F0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F0E000
|
| Size: |
8192
|
|
|
5BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752871155.00000000005BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BF000
|
| Size: |
4096
|
|
|
43C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1961636044.000000000043C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43C000
|
| Size: |
16384
|
|
|
44C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3686901901.00000000044C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
44C3000
|
| Size: |
966656
|
|
|
2DB2468C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854639300.000002DB2468C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB2468C000
|
| Size: |
12288
|
|
|
DBEADFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854004888.000000DBEADFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBEADFF000
|
| Size: |
4096
|
|
|
17B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203459849.00000000017B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17B5000
|
| Size: |
8192
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1826407023.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
48BD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3706592612.00000000048BD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48BD000
|
| Size: |
647168
|
|
|
F88000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4203481053.0000000000F88000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F88000
|
| Size: |
487424
|
|
|
D9C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1806861442.0000000000D9C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D9C000
|
| Size: |
16384
|
|
|
4967000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3708054356.0000000004967000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4967000
|
| Size: |
684032
|
|
|
17F9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203516927.00000000017F9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17F9000
|
| Size: |
8192
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1786273260.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
300E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813334966.000000000300E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
300E000
|
| Size: |
8192
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1763321180.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
30F9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1812319573.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30F9000
|
| Size: |
73728
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1774034627.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
48BA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3700868145.00000000048BA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48BA000
|
| Size: |
606208
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845637555.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1822367912.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
958000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000025.00000000.3734182831.0000000000958000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
958000
|
| Size: |
143360
|
|
|
10DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4203814622.00000000010DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10DD000
|
| Size: |
180224
|
|
|
E40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1806902195.0000000000E40000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E40000
|
| Size: |
4096
|
|
|
DFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4202983776.0000000000DFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DFC000
|
| Size: |
16384
|
|
|
27B1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1768032250.00000000027B1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B1000
|
| Size: |
4096
|
|
|
2DB24630000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854526316.000002DB24630000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24630000
|
| Size: |
4096
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1784280135.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
920000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000025.00000002.4202605318.0000000000920000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
920000
|
| Size: |
147456
|
|
|
39F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205031939.00000000039F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39F8000
|
| Size: |
266240
|
|
|
4952000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3700131757.0000000004952000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4952000
|
| Size: |
602112
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845538136.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874189398.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1828948310.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
11E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204171101.00000000011E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11E1000
|
| Size: |
106496
|
|
|
32B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807041349.00000000032B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32B0000
|
| Size: |
20480
|
|
|
2DB24430000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1851112510.000002DB24430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24430000
|
| Size: |
4096
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1777173311.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
5D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1785473999.00000000005D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D7000
|
| Size: |
4096
|
|
|
4959000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3693285686.0000000004959000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4959000
|
| Size: |
573440
|
|
|
27B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1776852925.00000000027B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B2000
|
| Size: |
12288
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1757765013.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1829596796.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
4962000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3709457011.0000000004962000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4962000
|
| Size: |
696320
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1854829566.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
4971000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3710170367.0000000004971000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4971000
|
| Size: |
708608
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1776285804.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
27B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1773105969.00000000027B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B7000
|
| Size: |
16384
|
|
|
604000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1858499449.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
604000
|
| Size: |
4096
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1846091738.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
48B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3690156966.00000000048B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B7000
|
| Size: |
524288
|
|
|
4397000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3686555364.0000000004397000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4397000
|
| Size: |
892928
|
|
|
4988000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3713160181.0000000004988000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4988000
|
| Size: |
749568
|
|
|
6B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000002.4202781597.00000000006B0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6B0000
|
| Size: |
147456
|
|
|
48B8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3690601417.00000000048B8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B8000
|
| Size: |
528384
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1783342236.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
326E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1791544441.000000000326E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
326E000
|
| Size: |
8192
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874449240.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1827432246.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1859254461.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
2FCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813295413.0000000002FCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FCF000
|
| Size: |
4096
|
|
|
33A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807114631.00000000033A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33A1000
|
| Size: |
32768
|
|
|
2DB2440D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1853667151.000002DB2440D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB2440D000
|
| Size: |
20480
|
|
|
3AF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205272549.0000000003AF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3AF0000
|
| Size: |
266240
|
|
|
3FF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1961835347.0000000003FF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3FF0000
|
| Size: |
20480
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1750504274.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
30DE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813664462.00000000030DE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30DE000
|
| Size: |
4096
|
|
|
48B8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3699324462.00000000048B8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B8000
|
| Size: |
593920
|
|
|
27B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1767410087.00000000027B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B4000
|
| Size: |
200704
|
|
|
3370000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807114631.0000000003370000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3370000
|
| Size: |
28672
|
|
|
DDD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4202983776.0000000000DDD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DDD000
|
| Size: |
12288
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1762019652.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1829492884.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
27BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1759721243.00000000027BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BA000
|
| Size: |
139264
|
|
|
3B32000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205319569.0000000003B32000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3B32000
|
| Size: |
266240
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1772325835.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
1ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203981606.0000000001ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1ABE000
|
| Size: |
8192
|
|
|
48B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3694045257.00000000048B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B1000
|
| Size: |
581632
|
|
|
48B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3698540171.00000000048B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B7000
|
| Size: |
589824
|
|
|
48B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3704279906.00000000048B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B6000
|
| Size: |
626688
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874060246.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1858437512.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
237568
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1827136725.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
2F8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813248769.0000000002F8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F8E000
|
| Size: |
8192
|
|
|
EDF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1853361245.0000000000EDF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EDF000
|
| Size: |
8192
|
|
|
4397000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3686006902.0000000004397000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4397000
|
| Size: |
839680
|
|
|
495B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3703013538.000000000495B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
495B000
|
| Size: |
618496
|
|
|
4970000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1827991644.0000000004970000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4970000
|
| Size: |
49152
|
|
|
494D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3690913971.000000000494D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
494D000
|
| Size: |
532480
|
|
|
110A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4203866869.000000000110A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
110A000
|
| Size: |
94208
|
|
|
945000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000025.00000002.4202605318.0000000000945000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
945000
|
| Size: |
40960
|
|
|
497F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3711816084.000000000497F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
497F000
|
| Size: |
733184
|
|
|
3A7C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205136969.0000000003A7C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A7C000
|
| Size: |
331776
|
|
|
2DB2441F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1852985004.000002DB2441F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB2441F000
|
| Size: |
24576
|
|
|
48B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3711117256.00000000048B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B5000
|
| Size: |
724992
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1758310208.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
4E1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813800998.0000000004E1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E1F000
|
| Size: |
4096
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1844591546.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
27BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1755809806.00000000027BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BA000
|
| Size: |
131072
|
|
|
496E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3710785504.000000000496E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
496E000
|
| Size: |
720896
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873502595.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1827353463.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
237568
|
|
|
17C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203516927.00000000017C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17C0000
|
| Size: |
20480
|
|
|
4397000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3687358642.0000000004397000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4397000
|
| Size: |
348160
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1768658973.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
5AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1961706249.00000000005AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5AE000
|
| Size: |
8192
|
|
|
27B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1785566908.00000000027B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B0000
|
| Size: |
147456
|
|
|
2F4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813190430.0000000002F4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F4F000
|
| Size: |
4096
|
|
|
5BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752430398.00000000005BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BF000
|
| Size: |
4096
|
|
|
27BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1764964038.00000000027BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BB000
|
| Size: |
135168
|
|
|
1222000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204297313.0000000001222000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1222000
|
| Size: |
425984
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874625859.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1784280135.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
6E8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000002.4202920469.00000000006E8000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6E8000
|
| Size: |
143360
|
|
|
490000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1961682949.0000000000490000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
490000
|
| Size: |
20480
|
|
|
4A3F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3712541822.0000000004A3F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A3F000
|
| Size: |
745472
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1844639187.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
77E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790566838.000000000077E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
77E000
|
| Size: |
8192
|
|
|
650000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1961761956.0000000000650000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
650000
|
| Size: |
24576
|
|
|
48BE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3706115000.00000000048BE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48BE000
|
| Size: |
638976
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1754016241.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1829717174.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
DC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4202876963.0000000000DC0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC0000
|
| Size: |
4096
|
|
|
27B9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1783937876.00000000027B9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B9000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
5E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790239277.00000000005E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5E2000
|
| Size: |
188416
|
|
|
39B6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204985450.00000000039B6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39B6000
|
| Size: |
266240
|
|
|
2DB24429000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1852985004.000002DB24429000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24429000
|
| Size: |
12288
|
|
|
535000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790115483.0000000000535000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
535000
|
| Size: |
16384
|
|
|
4964000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3706886293.0000000004964000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4964000
|
| Size: |
655360
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1826209646.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
338E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4204199000.000000000338E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
338E000
|
| Size: |
8192
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1778797344.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
48B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3699957300.00000000048B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B9000
|
| Size: |
598016
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845435097.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
5890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000025.00000003.3868322837.0000000005890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5890000
|
| Size: |
4096
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1844868063.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
461000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1789411881.0000000000461000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
461000
|
| Size: |
8192
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845217224.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
4978000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3711588954.0000000004978000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4978000
|
| Size: |
729088
|
|
|
3378000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807114631.0000000003378000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3378000
|
| Size: |
69632
|
|
|
41F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1789411881.000000000041F000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
41F000
|
| Size: |
53248
|
|
|
221E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790873077.000000000221E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
221E000
|
| Size: |
8192
|
|
|
2DB24430000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1850901738.000002DB24430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24430000
|
| Size: |
4096
|
|
|
604000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1854779957.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
604000
|
| Size: |
4096
|
|
|
2DB2442E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1853644034.000002DB2442E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB2442E000
|
| Size: |
4096
|
|
|
44AB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3686266484.00000000044AB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
44AB000
|
| Size: |
876544
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1764150256.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
32B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807041349.00000000032B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32B7000
|
| Size: |
12288
|
|
|
1A64000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3687656161.0000000001A64000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A64000
|
| Size: |
1159168
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1757765013.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
48B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3691735238.00000000048B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B6000
|
| Size: |
544768
|
|
|
43CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3685312498.00000000043CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
43CA000
|
| Size: |
409600
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1844925515.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
4397000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3687039358.0000000004397000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4397000
|
| Size: |
1019904
|
|
|
4A2A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3708951029.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A2A000
|
| Size: |
692224
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1753483906.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1824379559.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
48B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3707417118.00000000048B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B1000
|
| Size: |
667648
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1762794438.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
2DB24416000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1853667151.000002DB24416000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24416000
|
| Size: |
24576
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1757115985.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
181B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000003.3868196302.000000000181B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
181B000
|
| Size: |
4096
|
|
|
48BD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3691608148.00000000048BD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48BD000
|
| Size: |
540672
|
|
|
17C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203516927.00000000017C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17C7000
|
| Size: |
143360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5DC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790239277.00000000005DC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5DC000
|
| Size: |
20480
|
|
|
CF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1812727193.0000000000CF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CF0000
|
| Size: |
4096
|
|
|
4F4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1750640655.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4F4000
|
| Size: |
32768
|
|
|
2DB243C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854235330.000002DB243C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB243C8000
|
| Size: |
81920
|
|
|
27B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1780878407.00000000027B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B0000
|
| Size: |
57344
|
|
|
48BD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1827991644.00000000048BD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48BD000
|
| Size: |
729088
|
|
|
2DB2442C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1851551994.000002DB2442C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB2442C000
|
| Size: |
12288
|
|
|
497A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3712382356.000000000497A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
497A000
|
| Size: |
741376
|
|
|
2DB24429000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1853502916.000002DB24429000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24429000
|
| Size: |
12288
|
|
|
27B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1784352518.00000000027B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B0000
|
| Size: |
28672
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1844108628.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1844998424.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
2DB24685000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854639300.000002DB24685000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24685000
|
| Size: |
24576
|
|
|
5190000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807345307.0000000005190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5190000
|
| Size: |
4096
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1781970139.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
DBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4202983776.0000000000DBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBE000
|
| Size: |
8192
|
|
|
2DB24429000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854473565.000002DB24429000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24429000
|
| Size: |
12288
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874727538.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
496B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3708792517.000000000496B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
496B000
|
| Size: |
692224
|
|
|
27B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1791273782.00000000027B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B2000
|
| Size: |
57344
|
|
|
30DF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1812244742.00000000030DF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30DF000
|
| Size: |
102400
|
|
|
6DF000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000010.00000000.1850646686.00000000006DF000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
6DF000
|
| Size: |
8192
|
|
|
48B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3711983736.00000000048B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B3000
|
| Size: |
737280
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873831411.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
570000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790239277.0000000000570000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
570000
|
| Size: |
32768
|
|
|
4956000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3696189671.0000000004956000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4956000
|
| Size: |
585728
|
|
|
4397000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3686853310.0000000004397000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4397000
|
| Size: |
319488
|
|
|
3318000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4204020665.0000000003318000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3318000
|
| Size: |
49152
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1786273260.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
6D5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000000.1850594095.00000000006D5000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6D5000
|
| Size: |
40960
|
|
|
945000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000000.1817508928.0000000000945000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
945000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873129600.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
19B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3689387955.00000000019B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
19B1000
|
| Size: |
1437696
|
|
|
2DB243C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854235330.000002DB243C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB243C0000
|
| Size: |
28672
|
|
|
57A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790239277.000000000057A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57A000
|
| Size: |
8192
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1767367707.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
5BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1753528723.00000000005BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BF000
|
| Size: |
4096
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1860831699.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1784886286.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
94F000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000025.00000002.4202715228.000000000094F000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
94F000
|
| Size: |
8192
|
|
|
27B6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1775553254.00000000027B6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B6000
|
| Size: |
24576
|
|
|
2DB24427000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1853502916.000002DB24427000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24427000
|
| Size: |
4096
|
|
|
1B1F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3687958688.0000000001B1F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B1F000
|
| Size: |
1228800
|
|
|
4A1C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3709578856.0000000004A1C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A1C000
|
| Size: |
700416
|
|
|
48B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3691027529.00000000048B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B6000
|
| Size: |
532480
|
|
|
2DB243FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1853820319.000002DB243FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB243FF000
|
| Size: |
53248
|
|
|
8BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790670757.00000000008BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8BE000
|
| Size: |
8192
|
|
|
497E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1827991644.000000000497E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
497E000
|
| Size: |
147456
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
51B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807361644.00000000051B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51B0000
|
| Size: |
4096
|
|
|
1808000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203516927.0000000001808000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1808000
|
| Size: |
12288
|
|
|
E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813004363.0000000000E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E1E000
|
| Size: |
8192
|
|
|
1C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204437115.0000000001C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C50000
|
| Size: |
12288
|
|
|
1A7D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3688384192.0000000001A7D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A7D000
|
| Size: |
425984
|
|
|
496A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3707653722.000000000496A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
496A000
|
| Size: |
675840
|
|
|
49E9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3693129518.00000000049E9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49E9000
|
| Size: |
569344
|
|
|
27BC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1782013606.00000000027BC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BC000
|
| Size: |
16384
|
|
|
1A72000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3688118383.0000000001A72000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A72000
|
| Size: |
1249280
|
|
|
180D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203516927.000000000180D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180D000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1821915376.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1843970858.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
4975000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3709777941.0000000004975000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4975000
|
| Size: |
704512
|
|
|
105B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4203697849.000000000105B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
105B000
|
| Size: |
528384
|
|
|
4416000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3685865470.0000000004416000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4416000
|
| Size: |
827392
|
|
|
3974000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204869289.0000000003974000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3974000
|
| Size: |
266240
|
|
|
37F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1853388565.00000000037F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
37F6000
|
| Size: |
1888256
|
|
|
3017000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813363986.0000000003017000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3017000
|
| Size: |
4096
|
|
|
112F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4203966210.000000000112F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
112F000
|
| Size: |
172032
|
|
|
310C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1812218771.000000000310C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
310C000
|
| Size: |
24576
|
|
|
3A3A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205085060.0000000003A3A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A3A000
|
| Size: |
266240
|
|
|
48B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3707570062.00000000048B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B9000
|
| Size: |
671744
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1781458968.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
4986000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3713440710.0000000004986000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4986000
|
| Size: |
753664
|
|
|
5D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1779630858.00000000005D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D7000
|
| Size: |
4096
|
|
|
310C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1812093742.000000000310C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
310C000
|
| Size: |
24576
|
|
|
94F000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000A.00000000.1817568641.000000000094F000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
94F000
|
| Size: |
8192
|
|
|
497A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3713689147.000000000497A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
497A000
|
| Size: |
61440
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1826161729.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
4964000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3705912515.0000000004964000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4964000
|
| Size: |
638976
|
|
|
49DD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3691423050.00000000049DD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49DD000
|
| Size: |
540672
|
|
|
497000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1789411881.0000000000497000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
497000
|
| Size: |
4096
|
|
|
27BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1774066179.00000000027BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BE000
|
| Size: |
36864
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845319312.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
48B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3706795368.00000000048B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B3000
|
| Size: |
651264
|
|
|
27B6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1756443651.00000000027B6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B6000
|
| Size: |
49152
|
|
|
181E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203516927.000000000181E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
181E000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
27BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1783400661.00000000027BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BB000
|
| Size: |
204800
|
|
|
3326000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4204020665.0000000003326000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3326000
|
| Size: |
147456
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1780782373.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
48B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3710278134.00000000048B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B9000
|
| Size: |
708608
|
|
|
49BB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1828150960.00000000049BB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49BB000
|
| Size: |
729088
|
|
|
6DF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4202874696.00000000006DF000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
6DF000
|
| Size: |
36864
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873329837.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
49D7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3692865295.00000000049D7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49D7000
|
| Size: |
565248
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873648262.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
48B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3705790301.00000000048B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B4000
|
| Size: |
638976
|
|
|
4A7C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1828150960.0000000004A7C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A7C000
|
| Size: |
147456
|
|
|
496B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3708473616.000000000496B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
496B000
|
| Size: |
688128
|
|
|
48B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3705524577.00000000048B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B7000
|
| Size: |
634880
|
|
|
48B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3710673499.00000000048B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B0000
|
| Size: |
716800
|
|
|
497E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3711294415.000000000497E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
497E000
|
| Size: |
724992
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1766576487.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
DBEAEFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854032515.000000DBEAEFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBEAEFF000
|
| Size: |
4096
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874481513.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1758310208.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
4096
|
|
|
1BE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3688060346.0000000001BE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1BE6000
|
| Size: |
413696
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1775494523.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
343E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4204353261.000000000343E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
343E000
|
| Size: |
8192
|
|
|
5D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790239277.00000000005D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D7000
|
| Size: |
4096
|
|
|
2DB24430000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1851061304.000002DB24430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24430000
|
| Size: |
4096
|
|
|
3FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1961818933.0000000003FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FAF000
|
| Size: |
4096
|
|
|
604000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1858540151.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
604000
|
| Size: |
4096
|
|
|
3C54000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205566786.0000000003C54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C54000
|
| Size: |
151552
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1822081897.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
57E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790239277.000000000057E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57E000
|
| Size: |
172032
|
|
|
4947000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3693052305.0000000004947000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4947000
|
| Size: |
569344
|
|
|
2DB2440D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1852985004.000002DB2440D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB2440D000
|
| Size: |
20480
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1846058252.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
1DC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1961612333.00000000001DC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1DC000
|
| Size: |
16384
|
|
|
ECF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4203232810.0000000000ECF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ECF000
|
| Size: |
753664
|
|
|
27B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1777226421.00000000027B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B0000
|
| Size: |
24576
|
|
|
327E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807026190.000000000327E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
327E000
|
| Size: |
8192
|
|
|
494B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3691800296.000000000494B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
494B000
|
| Size: |
548864
|
|
|
5D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1781400705.00000000005D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D7000
|
| Size: |
4096
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845490916.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
5AB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790239277.00000000005AB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AB000
|
| Size: |
32768
|
|
|
27B1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1782477787.00000000027B1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B1000
|
| Size: |
8192
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1846022576.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
27C2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1783937876.00000000027C2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27C2000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1826242537.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
4963000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3705667997.0000000004963000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4963000
|
| Size: |
638976
|
|
|
323E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807008503.000000000323E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
323E000
|
| Size: |
8192
|
|
|
2DB24400000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854363092.000002DB24400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24400000
|
| Size: |
49152
|
|
|
27B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1754616481.00000000027B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27B8000
|
| Size: |
49152
|
|
|
4960000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3707057007.0000000004960000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4960000
|
| Size: |
659456
|
|
|
5D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1780782373.00000000005D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D7000
|
| Size: |
4096
|
|
|
2DB24427000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1852985004.000002DB24427000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24427000
|
| Size: |
4096
|
|
|
4E50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1813854154.0000000004E50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E50000
|
| Size: |
4096
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1874328240.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
5D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1784886286.00000000005D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D7000
|
| Size: |
4096
|
|
|
3AD8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4205230453.0000000003AD8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3AD8000
|
| Size: |
73728
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1762794438.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
400C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1820362863.000000000400C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
400C000
|
| Size: |
1888256
|
|
|
4947000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3690450260.0000000004947000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4947000
|
| Size: |
524288
|
|
|
DBEB1FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854110978.000000DBEB1FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBEB1FE000
|
| Size: |
8192
|
|
|
32D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204484770.00000000032D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32D0000
|
| Size: |
8192
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1849369874.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1821969650.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
48B8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3712664692.00000000048B8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B8000
|
| Size: |
745472
|
|
|
953000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000A.00000000.1817568641.0000000000953000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
953000
|
| Size: |
8192
|
|
|
E90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1806944580.0000000000E90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E90000
|
| Size: |
4096
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845976458.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1767992610.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
12288
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1845758509.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1758743176.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
48B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3706965266.00000000048B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B5000
|
| Size: |
655360
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873980205.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
2DB24416000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1851157277.000002DB24416000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24416000
|
| Size: |
24576
|
|
|
17EF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000025.00000002.4203516927.00000000017EF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17EF000
|
| Size: |
8192
|
|
|
48B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3713317383.00000000048B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B9000
|
| Size: |
753664
|
|
|
4A2E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3710951303.0000000004A2E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A2E000
|
| Size: |
720896
|
|
|
338E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1807114631.000000000338E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
338E000
|
| Size: |
73728
|
|
|
40B000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1750598517.000000000040B000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
40B000
|
| Size: |
4096
|
|
|
4601000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1844421450.0000000004601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4601000
|
| Size: |
4096
|
|
|
49FB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3702143478.00000000049FB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49FB000
|
| Size: |
614400
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1779630858.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
890000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000025.00000002.4202417916.0000000000890000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
37
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
890000
|
| Size: |
4096
|
|
|
5AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1754580372.00000000005AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AF000
|
| Size: |
16384
|
|
|
3EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1873866654.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF1000
|
| Size: |
4096
|
|
|
27BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1775002864.00000000027BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27BE000
|
| Size: |
32768
|
|
|
2DB24430000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1851551994.000002DB24430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24430000
|
| Size: |
4096
|
|
|
48BC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3707124718.00000000048BC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48BC000
|
| Size: |
659456
|
|
|
497E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3710387453.000000000497E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
497E000
|
| Size: |
712704
|
|
|
530000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1790115483.0000000000530000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
530000
|
| Size: |
16384
|
|
|
19B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3689752389.00000000019B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
19B1000
|
| Size: |
1511424
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1826350139.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
4096
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1855044034.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
176128
|
|
|
958000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000000.1817611127.0000000000958000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
958000
|
| Size: |
143360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1832567597.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
176128
|
|
|
2DB24416000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854393419.000002DB24416000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24416000
|
| Size: |
24576
|
|
|
48B8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3708275548.00000000048B8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B8000
|
| Size: |
684032
|
|
|
19A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1789278225.000000000019A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19A000
|
| Size: |
24576
|
|
|
2DB24425000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1851112510.000002DB24425000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24425000
|
| Size: |
40960
|
|
|
2DB26260000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854766250.000002DB26260000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB26260000
|
| Size: |
4096
|
|
|
115A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.4204010181.000000000115A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
115A000
|
| Size: |
208896
|
|
|
2DB24421000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1854447397.000002DB24421000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DB24421000
|
| Size: |
16384
|
|
|
5BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1763321180.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB000
|
| Size: |
4096
|
|
|
48BB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3710483862.00000000048BB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48BB000
|
| Size: |
712704
|
|
|
496F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3707487272.000000000496F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
496F000
|
| Size: |
671744
|
|
|
48B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3701559892.00000000048B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48B3000
|
| Size: |
610304
|
|
|
32EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1853947783.00000000032EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32EA000
|
| Size: |
5246976
|
|
|
49D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.3692442738.00000000049D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49D8000
|
| Size: |
557056
|
|
