|
C91000
|
unkown
|
page execute and read and write
|
 |
|
|
| Name: |
00000013.00000002.3380692665.0000000000C91000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C91000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Yara detected Amadeys stealer DLL |
Stealing of Sensitive Information |
|
| Sample uses string decryption to hide its real strings |
AV Detection |
|
|
|
C91000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2291105783.0000000000C91000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C91000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Amadeys stealer DLL |
Stealing of Sensitive Information |
|
|
|
C01000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2305233285.0000000000C01000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C01000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Amadeys stealer DLL |
Stealing of Sensitive Information |
|
|
|
C91000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2282631312.0000000000C91000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C91000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Amadeys stealer DLL |
Stealing of Sensitive Information |
|
|
|
C01000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2241822249.0000000000C01000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C01000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Amadeys stealer DLL |
Stealing of Sensitive Information |
|
|
|
34FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284180224.00000000034FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34FF000
|
| Size: |
4096
|
|
|
178E3C54000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156818091.00000178E3C54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3C54000
|
| Size: |
4096
|
|
|
147C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2210506665.000000000147C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147C000
|
| Size: |
61440
|
|
|
13043403000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2215482006.0000013043403000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13043403000
|
| Size: |
4096
|
|
|
1038000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131876964.0000000001038000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1038000
|
| Size: |
86016
|
|
|
2B7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382329731.0000000002B7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B7C000
|
| Size: |
16384
|
|
|
10C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140553570.00000000010C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10C6000
|
| Size: |
16384
|
|
|
7E25000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2187513502.0000000007E25000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E25000
|
| Size: |
98304
|
|
|
9F6153000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2211551055.00000009F6153000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F6153000
|
| Size: |
53248
|
|
|
69AB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183681844.00000000069AB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
69AB000
|
| Size: |
20480
|
|
|
31CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244192220.00000000031CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31CF000
|
| Size: |
4096
|
|
|
4CF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2293696370.0000000004CF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CF0000
|
| Size: |
4096
|
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2190289582.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
53248
|
|
|
4630000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2237892944.0000000004630000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
53248
|
|
|
CFB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2291195771.0000000000CFB000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CFB000
|
| Size: |
1626112
|
|
|
139E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2243109979.000000000139E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
139E000
|
| Size: |
8192
|
|
|
178E3CF2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157597111.00000178E3CF2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CF2000
|
| Size: |
24576
|
|
|
2F17000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134122875.0000000002F17000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F17000
|
| Size: |
126976
|
|
|
7300000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2186169130.0000000007300000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7300000
|
| Size: |
65536
|
|
|
4C60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000003.2250886001.0000000004C60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C60000
|
| Size: |
4096
|
|
|
696D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183657280.000000000696D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
696D000
|
| Size: |
12288
|
|
|
11C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2306719635.00000000011C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C0000
|
| Size: |
4096
|
|
|
45CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245060385.00000000045CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45CF000
|
| Size: |
4096
|
|
|
678E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183385570.000000000678E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
678E000
|
| Size: |
8192
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2236885138.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
FB1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000E.00000000.2225425384.0000000000FB1000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FB1000
|
| Size: |
1732608
|
|
|
334F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292505112.000000000334F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
334F000
|
| Size: |
4096
|
|
|
1650000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2242480751.0000000001650000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
53248
|
|
|
13043610000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2242485766.0000013043610000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
13043610000
|
| Size: |
4096
|
|
|
7FFD342A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2300524809.00007FFD342A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD342A6000
|
| Size: |
24576
|
|
|
41BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383248370.00000000041BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41BF000
|
| Size: |
4096
|
|
|
4630000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2235540841.0000000004630000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
53248
|
|
|
45D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179305121.00000000045D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45D0000
|
| Size: |
4096
|
|
|
1305D607000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2298841343.000001305D607000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1305D607000
|
| Size: |
4096
|
|
|
72C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185966235.00000000072C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72C0000
|
| Size: |
65536
|
|
|
2F0D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2136584021.0000000002F0D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F0D000
|
| Size: |
8192
|
|
|
2EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134501837.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EF1000
|
| Size: |
77824
|
|
|
414E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293108992.000000000414E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
414E000
|
| Size: |
8192
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2207768028.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
147B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214796543.000000000147B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147B000
|
| Size: |
8192
|
|
|
448E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315579028.000000000448E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
448E000
|
| Size: |
8192
|
|
|
FCA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2135006944.0000000000FCA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FCA000
|
| Size: |
4096
|
|
|
940000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3379718519.0000000000940000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
4096
|
|
|
109C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131152430.000000000109C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
109C000
|
| Size: |
28672
|
|
|
8229000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2187937193.0000000008229000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8229000
|
| Size: |
16384
|
|
|
1156000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000D.00000002.2283510293.0000000001156000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1156000
|
| Size: |
8192
|
|
|
9F6BBB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2212809847.00000009F6BBB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F6BBB000
|
| Size: |
20480
|
|
|
A50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2138867374.0000000000A50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A50000
|
| Size: |
8192
|
|
|
719E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185439165.000000000719E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
719E000
|
| Size: |
8192
|
|
|
180E5B5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155597970.00000180E5B5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
180E5B5E000
|
| Size: |
24576
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781029725.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
13043600000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2242298392.0000013043600000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13043600000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2764280976.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
178E3CF9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157597111.00000178E3CF9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CF9000
|
| Size: |
77824
|
|
|
84FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2188501573.00000000084FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
84FB000
|
| Size: |
20480
|
|
|
465E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179350130.000000000465E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
465E000
|
| Size: |
8192
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780245410.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781389332.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
C6B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2241963594.0000000000C6B000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C6B000
|
| Size: |
1626112
|
|
|
4B80000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2285156595.0000000004B80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B80000
|
| Size: |
4096
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2222009502.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
180E6260000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2158058872.00000180E6260000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E6260000
|
| Size: |
12288
|
|
|
178E3EA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157793181.00000178E3EA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3EA6000
|
| Size: |
20480
|
|
|
394F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244509523.000000000394F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
394F000
|
| Size: |
4096
|
|
|
910000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3379613822.0000000000910000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
910000
|
| Size: |
16384
|
|
|
C91000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000D.00000000.2214435120.0000000000C91000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C91000
|
| Size: |
393216
|
|
|
444F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315552245.000000000444F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
444F000
|
| Size: |
4096
|
|
|
1305D600000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2298841343.000001305D600000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1305D600000
|
| Size: |
20480
|
|
|
69EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183710664.00000000069EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
69EE000
|
| Size: |
8192
|
|
|
6FBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2246057145.0000000006FBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FBE000
|
| Size: |
8192
|
|
|
4CE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2293660285.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CE0000
|
| Size: |
4096
|
|
|
CF2000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000D.00000000.2214435120.0000000000CF2000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
CF2000
|
| Size: |
16384
|
|
|
2F4A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134532761.0000000002F4A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F4A000
|
| Size: |
49152
|
|
|
F21000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000000.2177454642.0000000000F21000.00000080.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F21000
|
| Size: |
1732608
|
|
|
178E3D26000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2153567609.00000178E3D26000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D26000
|
| Size: |
65536
|
|
|
4C80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2293476047.0000000004C80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C80000
|
| Size: |
4096
|
|
|
348F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292559962.000000000348F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
348F000
|
| Size: |
4096
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000003.2250973473.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
180E5F25000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155465561.00000180E5F25000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
180E5F25000
|
| Size: |
4096
|
|
|
54ED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3385270695.00000000054ED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54ED000
|
| Size: |
12288
|
|
|
F0A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2305433391.0000000000F0A000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F0A000
|
| Size: |
24576
|
|
|
380E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312447591.000000000380E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
380E000
|
| Size: |
8192
|
|
|
5240000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.2201455983.0000000005240000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5240000
|
| Size: |
4096
|
|
|
13044F65000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2247469077.0000013044F65000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13044F65000
|
| Size: |
24576
|
|
|
C90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000013.00000000.2739699397.0000000000C90000.00000002.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C90000
|
| Size: |
4096
|
|
|
7FFD34200000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2300251834.00007FFD34200000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34200000
|
| Size: |
40960
|
|
|
10C4000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2242738304.00000000010C4000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
10C4000
|
| Size: |
8192
|
|
|
7F280000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2188753665.000000007F280000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7F280000
|
| Size: |
4096
|
|
|
FCA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2138927071.0000000000FCA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FCA000
|
| Size: |
4096
|
|
|
31CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2309588615.00000000031CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31CE000
|
| Size: |
8192
|
|
|
3F4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314462209.0000000003F4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F4F000
|
| Size: |
4096
|
|
|
318E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2309482315.000000000318E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
318E000
|
| Size: |
8192
|
|
|
F9A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2291195771.0000000000F9A000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F9A000
|
| Size: |
24576
|
|
|
67CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183431843.00000000067CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
67CE000
|
| Size: |
8192
|
|
|
970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2747675504.0000000000970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
53248
|
|
|
10AB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140490630.00000000010AB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10AB000
|
| Size: |
8192
|
|
|
C01000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000C.00000000.2206692647.0000000000C01000.00000080.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C01000
|
| Size: |
393216
|
|
|
5DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3379499121.00000000005DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5DD000
|
| Size: |
12288
|
|
|
F54000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2139036796.0000000000F54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F54000
|
| Size: |
110592
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
6810000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2183510618.0000000006810000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
6810000
|
| Size: |
12288
|
|
|
44CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293251440.00000000044CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44CF000
|
| Size: |
4096
|
|
|
7D20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2186412914.0000000007D20000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7D20000
|
| Size: |
28672
|
|
|
57A0CF6000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2156936179.00000057A0CF6000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57A0CF6000
|
| Size: |
40960
|
|
|
3A3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382951007.0000000003A3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A3F000
|
| Size: |
4096
|
|
|
12A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2242851677.00000000012A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A0000
|
| Size: |
24576
|
|
|
178E3D9E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156680095.00000178E3D9E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D9E000
|
| Size: |
4096
|
|
|
CF2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2282631312.0000000000CF2000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CF2000
|
| Size: |
20480
|
|
|
510E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3385016614.000000000510E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
510E000
|
| Size: |
8192
|
|
|
1465000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2215263160.0000000001465000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1465000
|
| Size: |
12288
|
|
|
F7E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2128509376.0000000000F7E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F7E000
|
| Size: |
4096
|
|
|
13043447000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2215482006.0000013043447000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13043447000
|
| Size: |
20480
|
|
|
3C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2290847769.00000000003C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C0000
|
| Size: |
4096
|
|
|
F43000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2139036796.0000000000F43000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F43000
|
| Size: |
4096
|
|
|
2B95000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2138936697.0000000002B95000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B95000
|
| Size: |
16384
|
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2194398952.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
53248
|
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2186826848.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
53248
|
|
|
1305D47D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2297512660.000001305D47D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D47D000
|
| Size: |
184320
|
|
|
433E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383342558.000000000433E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
433E000
|
| Size: |
8192
|
|
|
498F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245206346.000000000498F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
498F000
|
| Size: |
4096
|
|
|
30CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244166561.00000000030CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30CE000
|
| Size: |
8192
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2779997055.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781272128.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
1450000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2243683154.0000000001450000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
86016
|
|
|
9F6938000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2211971761.00000009F6938000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F6938000
|
| Size: |
20480
|
|
|
447E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383394202.000000000447E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
447E000
|
| Size: |
8192
|
|
|
10C6000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000C.00000002.2306644842.00000000010C6000.00000080.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
10C6000
|
| Size: |
8192
|
|
|
178E3BC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157161877.00000178E3BC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3BC0000
|
| Size: |
4096
|
|
|
99A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2138774709.000000000099A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
99A000
|
| Size: |
24576
|
|
|
410E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244867609.000000000410E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
410E000
|
| Size: |
8192
|
|
|
178E3D0E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157597111.00000178E3D0E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D0E000
|
| Size: |
4096
|
|
|
F53000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2128040835.0000000000F53000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F53000
|
| Size: |
311296
|
|
|
10C6000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000002.2242763521.00000000010C6000.00000080.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
10C6000
|
| Size: |
8192
|
|
|
7FFD34420000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2302030026.00007FFD34420000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34420000
|
| Size: |
65536
|
|
|
4630000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2240363630.0000000004630000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
53248
|
|
|
2F3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134122875.0000000002F3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3E000
|
| Size: |
98304
|
|
|
180E5E3A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156874443.00000180E5E3A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5E3A000
|
| Size: |
24576
|
|
|
410F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293087609.000000000410F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
410F000
|
| Size: |
4096
|
|
|
89DC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2246246086.00000000089DC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
89DC000
|
| Size: |
16384
|
|
|
5721000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2182361859.0000000005721000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5721000
|
| Size: |
28672
|
|
|
6EA2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184198049.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6EA2000
|
| Size: |
4096
|
|
|
970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2758547153.0000000000970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
53248
|
|
|
FA1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3380831318.0000000000FA1000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FA1000
|
| Size: |
45056
|
|
|
403F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284588235.000000000403F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
403F000
|
| Size: |
4096
|
|
|
65B0000
|
trusted library allocation
|
page execute
|
|
|
|
| Name: |
00000004.00000003.2134030229.00000000065B0000.00000010.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute
|
| Base address: |
65B0000
|
| Size: |
4096
|
|
|
680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178549298.0000000000680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
680000
|
| Size: |
24576
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2238786611.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
180E5E33000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155422289.00000180E5E33000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5E33000
|
| Size: |
4096
|
|
|
F9E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2128948525.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F9E000
|
| Size: |
356352
|
|
|
1650000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2260149070.0000000001650000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
53248
|
|
|
338F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2310628733.000000000338F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
338F000
|
| Size: |
4096
|
|
|
186F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2309250259.000000000186F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
186F000
|
| Size: |
4096
|
|
|
F28000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140018043.0000000000F28000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F28000
|
| Size: |
98304
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2238923188.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
4DE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000003.2762030639.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DE0000
|
| Size: |
4096
|
|
|
754000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2127441013.0000000000754000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
754000
|
| Size: |
114688
|
|
|
1492000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2210982554.0000000001492000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1492000
|
| Size: |
40960
|
|
|
13055717000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2291519677.0000013055717000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13055717000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780409876.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
4224000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179052022.0000000004224000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4224000
|
| Size: |
36864
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2215029094.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
7FFD34460000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2302613631.00007FFD34460000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34460000
|
| Size: |
65536
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2183456071.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
F6E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2282845499.0000000000F6E000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F6E000
|
| Size: |
106496
|
|
|
6291000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2142766891.0000000006291000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6291000
|
| Size: |
8192
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2231524865.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
5150000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000003.2241901752.0000000005150000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5150000
|
| Size: |
4096
|
|
|
130433D2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214937707.00000130433D2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
130433D2000
|
| Size: |
45056
|
|
|
1640000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307470307.0000000001640000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1640000
|
| Size: |
4096
|
|
|
4C60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000003.2250865010.0000000004C60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C60000
|
| Size: |
4096
|
|
|
147B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2215045107.000000000147B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147B000
|
| Size: |
8192
|
|
|
3D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292965132.0000000003D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D8E000
|
| Size: |
8192
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2208861181.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2193611156.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
53248
|
|
|
2C7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382355255.0000000002C7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C7F000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2204269607.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
4DE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000003.2761858070.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DE0000
|
| Size: |
4096
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2215099589.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
CF2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3380692665.0000000000CF2000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CF2000
|
| Size: |
20480
|
|
|
6D61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184043707.0000000006D61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D61000
|
| Size: |
225280
|
|
|
2F04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134122875.0000000002F04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F04000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2183536984.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
C01000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000000.2177363076.0000000000C01000.00000080.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C01000
|
| Size: |
393216
|
|
|
F21000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2241963594.0000000000F21000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F21000
|
| Size: |
4096
|
|
|
1095000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131047760.0000000001095000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1095000
|
| Size: |
98304
|
|
|
2EA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139107349.0000000002EA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EA6000
|
| Size: |
8192
|
|
|
1493000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2210760949.0000000001493000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1493000
|
| Size: |
36864
|
|
|
FE9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134523819.0000000000FE9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FE9000
|
| Size: |
16384
|
|
|
2F4D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135030590.0000000002F4D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F4D000
|
| Size: |
36864
|
|
|
6D0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183995336.0000000006D0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D0E000
|
| Size: |
8192
|
|
|
180E5B80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157990873.00000180E5B80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5B80000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2763470960.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
49152
|
|
|
7FFD34560000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2304518037.00007FFD34560000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34560000
|
| Size: |
32768
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2262301585.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
178E3D1F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157697425.00000178E3D1F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D1F000
|
| Size: |
12288
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780940210.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
9AB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3380192255.00000000009AB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9AB000
|
| Size: |
229376
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382480485.0000000002F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F3E000
|
| Size: |
8192
|
|
|
3DFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284520144.0000000003DFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DFE000
|
| Size: |
8192
|
|
|
5150000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000003.2241938091.0000000005150000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5150000
|
| Size: |
4096
|
|
|
14DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2283706209.00000000014DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14DF000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2209102133.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
1347000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2242988016.0000000001347000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1347000
|
| Size: |
32768
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2221150017.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
424F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293134957.000000000424F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
424F000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781214373.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
146D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2215263160.000000000146D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
146D000
|
| Size: |
65536
|
|
|
1156000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000013.00000002.3382226814.0000000001156000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1156000
|
| Size: |
8192
|
|
|
13043630000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2244548484.0000013043630000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13043630000
|
| Size: |
16384
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780696130.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
F9F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2127932015.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F9F000
|
| Size: |
131072
|
|
|
453F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284789744.000000000453F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
453F000
|
| Size: |
4096
|
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2192844500.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
53248
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2293538973.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2262529863.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2779635392.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
180E5E33000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155403057.00000180E5E33000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5E33000
|
| Size: |
4096
|
|
|
1305D830000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2299063551.000001305D830000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D830000
|
| Size: |
4096
|
|
|
4C21000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2195488498.0000000004C21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C21000
|
| Size: |
217088
|
|
|
3E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2290869246.00000000003E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3E0000
|
| Size: |
16384
|
|
|
130433DE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2215122709.00000130433DE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
130433DE000
|
| Size: |
28672
|
|
|
51C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2285367215.00000000051C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51C0000
|
| Size: |
4096
|
|
|
121E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2283600926.000000000121E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
121E000
|
| Size: |
135168
|
|
|
457E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284814955.000000000457E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
457E000
|
| Size: |
8192
|
|
|
F11000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2305433391.0000000000F11000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F11000
|
| Size: |
45056
|
|
|
70C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185137989.00000000070C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70C0000
|
| Size: |
65536
|
|
|
41FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383272621.00000000041FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41FE000
|
| Size: |
8192
|
|
|
13044F60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2247469077.0000013044F60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13044F60000
|
| Size: |
12288
|
|
|
4AD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2249304316.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4AD0000
|
| Size: |
53248
|
|
|
3A8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244579884.0000000003A8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A8F000
|
| Size: |
4096
|
|
|
1304341F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2215482006.000001304341F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1304341F000
|
| Size: |
20480
|
|
|
1BEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140847909.0000000001BEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1BEE000
|
| Size: |
8192
|
|
|
1013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2133801419.0000000001013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1013000
|
| Size: |
36864
|
|
|
3250000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2264913967.0000000003250000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3250000
|
| Size: |
53248
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2763934279.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
C91000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000013.00000000.2739723935.0000000000C91000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C91000
|
| Size: |
393216
|
|
|
7FFD343A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2301106483.00007FFD343A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD343A1000
|
| Size: |
32768
|
|
|
146C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214690771.000000000146C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
146C000
|
| Size: |
57344
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780610593.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
713E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185315311.000000000713E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
713E000
|
| Size: |
8192
|
|
|
5450000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245772476.0000000005450000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5450000
|
| Size: |
8192
|
|
|
4CA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135861012.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
180E5E34000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155351508.00000180E5E34000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5E34000
|
| Size: |
12288
|
|
|
2F57000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139502152.0000000002F57000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F57000
|
| Size: |
110592
|
|
|
754000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.2139437354.0000000000754000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
754000
|
| Size: |
114688
|
|
|
5220000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.2201651080.0000000005220000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5220000
|
| Size: |
4096
|
|
|
370E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244433845.000000000370E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
370E000
|
| Size: |
8192
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2208028559.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
4CC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2293595365.0000000004CC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CC0000
|
| Size: |
4096
|
|
|
368F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311477585.000000000368F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
368F000
|
| Size: |
4096
|
|
|
5210000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.2201874847.0000000005210000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5210000
|
| Size: |
4096
|
|
|
142A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214477293.000000000142A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
142A000
|
| Size: |
143360
|
|
|
CF2000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000E.00000000.2225312109.0000000000CF2000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
CF2000
|
| Size: |
16384
|
|
|
130435A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2220295352.00000130435A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
130435A0000
|
| Size: |
4096
|
|
|
7052000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184684901.0000000007052000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7052000
|
| Size: |
4096
|
|
|
5570000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000003.2265322915.0000000005570000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5570000
|
| Size: |
4096
|
|
|
178E3CD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156158851.00000178E3CD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CD0000
|
| Size: |
28672
|
|
|
4E20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3384531313.0000000004E20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E20000
|
| Size: |
4096
|
|
|
308F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244140094.000000000308F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
308F000
|
| Size: |
4096
|
|
|
363F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284230494.000000000363F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
363F000
|
| Size: |
4096
|
|
|
104D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131785636.000000000104D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
104D000
|
| Size: |
32768
|
|
|
1450000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214899690.0000000001450000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
98304
|
|
|
6CC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2143125811.0000000006CC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6CC0000
|
| Size: |
8192
|
|
|
178E3EAE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155839319.00000178E3EAE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3EAE000
|
| Size: |
4096
|
|
|
8ADC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2246282943.0000000008ADC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8ADC000
|
| Size: |
16384
|
|
|
C80000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2291066186.0000000000C80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C80000
|
| Size: |
4096
|
|
|
4B0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245278331.0000000004B0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B0E000
|
| Size: |
8192
|
|
|
72F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2186122559.00000000072F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72F0000
|
| Size: |
65536
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781568022.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
4630000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2242408052.0000000004630000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
53248
|
|
|
68DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183633789.00000000068DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
68DE000
|
| Size: |
8192
|
|
|
4CA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135861012.0000000004CA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CA4000
|
| Size: |
4096
|
|
|
990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3380058895.0000000000990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
990000
|
| Size: |
4096
|
|
|
460E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245083360.000000000460E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
460E000
|
| Size: |
8192
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2208276059.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
13045420000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2250821208.0000013045420000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
13045420000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2183565084.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
3D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244698271.0000000003D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D4E000
|
| Size: |
8192
|
|
|
178E3EAB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155839319.00000178E3EAB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3EAB000
|
| Size: |
8192
|
|
|
360E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292642059.000000000360E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
360E000
|
| Size: |
8192
|
|
|
2EC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139188893.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
28672
|
|
|
81DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2187890021.00000000081DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
81DE000
|
| Size: |
8192
|
|
|
4DE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000003.2762067442.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DE0000
|
| Size: |
4096
|
|
|
FCB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134962228.0000000000FCB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FCB000
|
| Size: |
8192
|
|
|
3B8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314289036.0000000003B8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B8F000
|
| Size: |
4096
|
|
|
2EA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139107349.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EA0000
|
| Size: |
16384
|
|
|
680E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183474820.000000000680E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
680E000
|
| Size: |
8192
|
|
|
4630000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2247165644.0000000004630000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
53248
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2220240306.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
2EFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382458865.0000000002EFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EFF000
|
| Size: |
4096
|
|
|
3DFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383108702.0000000003DFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DFF000
|
| Size: |
4096
|
|
|
F22000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000C.00000002.2306127119.0000000000F22000.00000080.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F22000
|
| Size: |
1712128
|
|
|
CFB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3380831318.0000000000CFB000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CFB000
|
| Size: |
1626112
|
|
|
3A3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284384872.0000000003A3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A3E000
|
| Size: |
8192
|
|
|
5570000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000003.2265349704.0000000005570000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5570000
|
| Size: |
4096
|
|
|
147E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2215045107.000000000147E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147E000
|
| Size: |
200704
|
|
|
7FFD34440000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2302375754.00007FFD34440000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34440000
|
| Size: |
65536
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780214388.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
F21000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2305433391.0000000000F21000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F21000
|
| Size: |
4096
|
|
|
4E30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3384552145.0000000004E30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E30000
|
| Size: |
4096
|
|
|
121A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2283600926.000000000121A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
121A000
|
| Size: |
8192
|
|
|
3B7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284430573.0000000003B7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B7E000
|
| Size: |
8192
|
|
|
C00000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000000.2177345147.0000000000C00000.00000002.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C00000
|
| Size: |
4096
|
|
|
273E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2291709910.000000000273E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
273E000
|
| Size: |
8192
|
|
|
1057000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140395492.0000000001057000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1057000
|
| Size: |
16384
|
|
|
9F68B8000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2211929293.00000009F68B8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F68B8000
|
| Size: |
32768
|
|
|
52D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2245704061.00000000052D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52D0000
|
| Size: |
4096
|
|
|
130555DF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2291519677.00000130555DF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
130555DF000
|
| Size: |
1232896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
C00000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2241769369.0000000000C00000.00000004.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C00000
|
| Size: |
4096
|
|
|
4641000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2248111206.0000000004641000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4641000
|
| Size: |
221184
|
|
|
A2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2291024605.0000000000A2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A2F000
|
| Size: |
4096
|
|
|
FF6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134523819.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FF6000
|
| Size: |
20480
|
|
|
F53000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2138732936.0000000000F53000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F53000
|
| Size: |
114688
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
7FFD343C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2301392260.00007FFD343C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FFD343C0000
|
| Size: |
20480
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2206696377.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2220117750.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
28D3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178696280.00000000028D3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28D3000
|
| Size: |
176128
|
|
|
7D30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2186449821.0000000007D30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D30000
|
| Size: |
65536
|
|
|
FED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134343371.0000000000FED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FED000
|
| Size: |
32768
|
|
|
2EFA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2138131560.0000000002EFA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EFA000
|
| Size: |
40960
|
|
|
288F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292077287.000000000288F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
288F000
|
| Size: |
4096
|
|
|
178E3D12000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157669304.00000178E3D12000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D12000
|
| Size: |
40960
|
|
|
1650000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2250806852.0000000001650000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
53248
|
|
|
46BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383838477.00000000046BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46BF000
|
| Size: |
4096
|
|
|
10BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2130545188.00000000010BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10BF000
|
| Size: |
94208
|
|
|
1085000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131233791.0000000001085000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1085000
|
| Size: |
12288
|
|
|
1DD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140875593.0000000001DD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1DD0000
|
| Size: |
8192
|
|
|
57A0DFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2156962745.00000057A0DFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57A0DFE000
|
| Size: |
8192
|
|
|
2DBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382402844.0000000002DBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DBF000
|
| Size: |
4096
|
|
|
1305D430000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2297512660.000001305D430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D430000
|
| Size: |
311296
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780438613.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
1650000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2261081457.0000000001650000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
53248
|
|
|
70E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178600040.000000000070E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
70E000
|
| Size: |
8192
|
|
|
70D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185180955.00000000070D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70D0000
|
| Size: |
4096
|
|
|
EDE000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2305433391.0000000000EDE000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
EDE000
|
| Size: |
106496
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2234856587.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
370F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292666342.000000000370F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
370F000
|
| Size: |
4096
|
|
|
6FA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184226821.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FA4000
|
| Size: |
12288
|
|
|
4630000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2241300866.0000000004630000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
53248
|
|
|
DEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2139499538.0000000000DEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DEF000
|
| Size: |
4096
|
|
|
FDE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134699122.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FDE000
|
| Size: |
8192
|
|
|
5784000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2182361859.0000000005784000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5784000
|
| Size: |
1257472
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4B1F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179500896.0000000004B1F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B1F000
|
| Size: |
5398528
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
967000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3379745379.0000000000967000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
967000
|
| Size: |
12288
|
|
|
130433E6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2215482006.00000130433E6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
130433E6000
|
| Size: |
94208
|
|
|
180E5B5B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155597970.00000180E5B5B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
180E5B5B000
|
| Size: |
4096
|
|
|
178E3CBE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156080734.00000178E3CBE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CBE000
|
| Size: |
102400
|
|
|
638A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135301990.000000000638A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
638A000
|
| Size: |
4096
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2262411382.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
178E3CF2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2152125587.00000178E3CF2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CF2000
|
| Size: |
106496
|
|
|
1086000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140419117.0000000001086000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1086000
|
| Size: |
8192
|
|
|
FB9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134909399.0000000000FB9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FB9000
|
| Size: |
57344
|
|
|
F58000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140224450.0000000000F58000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F58000
|
| Size: |
94208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
6385000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135301990.0000000006385000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6385000
|
| Size: |
16384
|
|
|
638E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135301990.000000000638E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
638E000
|
| Size: |
4096
|
|
|
147E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2215263160.000000000147E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147E000
|
| Size: |
200704
|
|
|
140F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214996099.000000000140F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
140F000
|
| Size: |
110592
|
|
|
71DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185463289.00000000071DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
71DF000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2209229921.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
FFC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134699122.0000000000FFC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FFC000
|
| Size: |
4096
|
|
|
178E3D0E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2154892959.00000178E3D0E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D0E000
|
| Size: |
8192
|
|
|
4810000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3384008990.0000000004810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4810000
|
| Size: |
36864
|
|
|
572E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3385388132.000000000572E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
572E000
|
| Size: |
8192
|
|
|
960000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3379745379.0000000000960000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
960000
|
| Size: |
16384
|
|
|
4630000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2243598061.0000000004630000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
53248
|
|
|
1305D505000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2298481155.000001305D505000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D505000
|
| Size: |
172032
|
|
|
681000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.2127297617.0000000000681000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
681000
|
| Size: |
634880
|
|
|
105B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131665086.000000000105B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
105B000
|
| Size: |
32768
|
|
|
2F0D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134949096.0000000002F0D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F0D000
|
| Size: |
8192
|
|
|
467F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284838123.000000000467F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
467F000
|
| Size: |
4096
|
|
|
1056000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134465565.0000000001056000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1056000
|
| Size: |
20480
|
|
|
130435E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2221158390.00000130435E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
130435E0000
|
| Size: |
16384
|
|
|
702E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184506287.000000000702E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
702E000
|
| Size: |
16384
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2239007939.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
2F57000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134532761.0000000002F57000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F57000
|
| Size: |
110592
|
|
|
FE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134572230.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FE0000
|
| Size: |
36864
|
|
|
FB2000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000E.00000002.2291501633.0000000000FB2000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FB2000
|
| Size: |
1712128
|
|
|
3287000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2309933287.0000000003287000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3287000
|
| Size: |
12288
|
|
|
2E30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139051834.0000000002E30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E30000
|
| Size: |
4096
|
|
|
7FFD34480000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2302832007.00007FFD34480000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34480000
|
| Size: |
65536
|
|
|
1650000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2256625868.0000000001650000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
53248
|
|
|
448F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245002270.000000000448F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
448F000
|
| Size: |
4096
|
|
|
5454000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245772476.0000000005454000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5454000
|
| Size: |
12288
|
|
|
1305D4E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2298356914.000001305D4E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D4E1000
|
| Size: |
40960
|
|
|
4630000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2239464784.0000000004630000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
53248
|
|
|
FFD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134465565.0000000000FFD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FFD000
|
| Size: |
32768
|
|
|
4C21000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245320009.0000000004C21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C21000
|
| Size: |
40960
|
|
|
7310000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2186213093.0000000007310000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7310000
|
| Size: |
65536
|
|
|
178E3D1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155048899.00000178E3D1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D1E000
|
| Size: |
16384
|
|
|
3280000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2309933287.0000000003280000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3280000
|
| Size: |
16384
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2779686955.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
7260000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2185549753.0000000007260000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7260000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2763814364.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
178E3CDE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2152125587.00000178E3CDE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CDE000
|
| Size: |
36864
|
|
|
9F6ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2212178371.00000009F6ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F6ABE000
|
| Size: |
8192
|
|
|
178E3D5F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2153543387.00000178E3D5F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D5F000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2208911633.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
7FFD344C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2303367747.00007FFD344C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD344C0000
|
| Size: |
65536
|
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2189369440.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
53248
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2207830014.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
163E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307377844.000000000163E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
163E000
|
| Size: |
8192
|
|
|
147B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2210552363.000000000147B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147B000
|
| Size: |
4096
|
|
|
70E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185241552.00000000070E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70E0000
|
| Size: |
65536
|
|
|
2F3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134975387.0000000002F3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3E000
|
| Size: |
49152
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780281369.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
33FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382689479.00000000033FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33FF000
|
| Size: |
4096
|
|
|
9F69BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2212037017.00000009F69BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F69BE000
|
| Size: |
8192
|
|
|
5749000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2182361859.0000000005749000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5749000
|
| Size: |
163840
|
|
|
6FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184226821.0000000006FB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FB0000
|
| Size: |
8192
|
|
|
4AD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293375525.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4AD0000
|
| Size: |
4096
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2266834869.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780967692.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
180E5B24000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157920984.00000180E5B24000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5B24000
|
| Size: |
12288
|
|
|
3E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383128629.0000000003E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E3E000
|
| Size: |
8192
|
|
|
313F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284036418.000000000313F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
313F000
|
| Size: |
4096
|
|
|
33FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284153196.00000000033FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33FE000
|
| Size: |
8192
|
|
|
A08000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3380192255.0000000000A08000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A08000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6640000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214404403.0000000006640000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6640000
|
| Size: |
8192
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2262436798.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
1431000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214899690.0000000001431000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1431000
|
| Size: |
114688
|
|
|
74C000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.2127409621.000000000074C000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
74C000
|
| Size: |
4096
|
|
|
1304565D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2250918928.000001304565D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1304565D000
|
| Size: |
10485760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5150000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000003.2241805117.0000000005150000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5150000
|
| Size: |
4096
|
|
|
F9E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2128509376.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F9E000
|
| Size: |
356352
|
|
|
4C60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000003.2250729890.0000000004C60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C60000
|
| Size: |
8192
|
|
|
45A5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2179248169.00000000045A5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
45A5000
|
| Size: |
45056
|
|
|
178E3C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156818091.00000178E3C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3C50000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2759638833.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
6B2B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183838881.0000000006B2B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B2B000
|
| Size: |
20480
|
|
|
69F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2246005460.00000000069F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
69F0000
|
| Size: |
4096
|
|
|
7FFD341F3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2300072635.00007FFD341F3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FFD341F3000
|
| Size: |
4096
|
|
|
853C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2188651365.000000000853C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
853C000
|
| Size: |
16384
|
|
|
57A14FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157043165.00000057A14FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57A14FE000
|
| Size: |
8192
|
|
|
7FFD3424C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2300430191.00007FFD3424C000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FFD3424C000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2238962343.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
5150000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000003.2241747524.0000000005150000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5150000
|
| Size: |
8192
|
|
|
6A00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2246029699.0000000006A00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A00000
|
| Size: |
53248
|
|
|
1056000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2133801419.0000000001056000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1056000
|
| Size: |
20480
|
|
|
3CCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314348093.0000000003CCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CCF000
|
| Size: |
4096
|
|
|
424E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244926406.000000000424E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
424E000
|
| Size: |
8192
|
|
|
180E5B20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157920984.00000180E5B20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5B20000
|
| Size: |
8192
|
|
|
A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3380192255.0000000000A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A01000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2749223016.0000000000970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
53248
|
|
|
9C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2241439373.00000000009C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9C0000
|
| Size: |
4096
|
|
|
50CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3384963865.00000000050CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50CF000
|
| Size: |
4096
|
|
|
7FFD34520000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2304143099.00007FFD34520000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34520000
|
| Size: |
65536
|
|
|
9F657C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2211716042.00000009F657C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F657C000
|
| Size: |
16384
|
|
|
3E0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314403258.0000000003E0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E0F000
|
| Size: |
4096
|
|
|
915000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3379613822.0000000000915000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
915000
|
| Size: |
8192
|
|
|
51D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2285390327.00000000051D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51D0000
|
| Size: |
4096
|
|
|
4239000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179099391.0000000004239000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4239000
|
| Size: |
16384
|
|
|
4805000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3384008990.0000000004805000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4805000
|
| Size: |
8192
|
|
|
178E3CF8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156108200.00000178E3CF8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CF8000
|
| Size: |
81920
|
|
|
970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2750094927.0000000000970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
53248
|
|
|
130452B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2248039196.00000130452B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
130452B4000
|
| Size: |
548864
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2220332116.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
2F3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134376480.0000000002F3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3E000
|
| Size: |
98304
|
|
|
178E3CA8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157419191.00000178E3CA8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CA8000
|
| Size: |
86016
|
|
|
2D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292245255.0000000002D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D0F000
|
| Size: |
4096
|
|
|
4C40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2750272561.0000000004C40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C40000
|
| Size: |
143360
|
|
|
39FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284362224.00000000039FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39FF000
|
| Size: |
4096
|
|
|
353F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382746678.000000000353F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
353F000
|
| Size: |
4096
|
|
|
28FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178696280.00000000028FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FF000
|
| Size: |
262144
|
|
|
51FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245438020.00000000051FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51FF000
|
| Size: |
4096
|
|
|
5580000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2318094056.0000000005580000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5580000
|
| Size: |
4096
|
|
|
40CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244833674.00000000040CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40CF000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780369076.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
55B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2318216343.00000000055B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55B0000
|
| Size: |
4096
|
|
|
1305D840000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2299092908.000001305D840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D840000
|
| Size: |
110592
|
|
|
438E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244979647.000000000438E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
438E000
|
| Size: |
8192
|
|
|
178E3EA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157793181.00000178E3EA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3EA0000
|
| Size: |
16384
|
|
|
5610000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2140573224.0000000005610000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5610000
|
| Size: |
4096
|
|
|
1305D630000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2298952303.000001305D630000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D630000
|
| Size: |
8192
|
|
|
3D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244675189.0000000003D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D0F000
|
| Size: |
4096
|
|
|
148E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244000545.000000000148E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
148E000
|
| Size: |
135168
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780086182.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780668759.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
FB1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000D.00000000.2214646990.0000000000FB1000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FB1000
|
| Size: |
1732608
|
|
|
7160000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2213865901.0000000007160000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7160000
|
| Size: |
8192
|
|
|
394E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312689518.000000000394E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
394E000
|
| Size: |
8192
|
|
|
470E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315728471.000000000470E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
470E000
|
| Size: |
8192
|
|
|
2EFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2283957109.0000000002EFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EFF000
|
| Size: |
4096
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2262597632.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
95B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2241345196.000000000095B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
95B000
|
| Size: |
20480
|
|
|
4641000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2248237722.0000000004641000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4641000
|
| Size: |
4096
|
|
|
45BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383716408.00000000045BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45BE000
|
| Size: |
8192
|
|
|
1086000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131665086.0000000001086000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1086000
|
| Size: |
8192
|
|
|
2DBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2283797383.0000000002DBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DBE000
|
| Size: |
8192
|
|
|
9F667E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2211771132.00000009F667E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F667E000
|
| Size: |
8192
|
|
|
36BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382814007.00000000036BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36BE000
|
| Size: |
8192
|
|
|
CF9000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3380789921.0000000000CF9000.00000004.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
CF9000
|
| Size: |
4096
|
|
|
5250000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2245495036.0000000005250000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5250000
|
| Size: |
4096
|
|
|
7059000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184991880.0000000007059000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7059000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2B3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382307744.0000000002B3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B3F000
|
| Size: |
4096
|
|
|
2BDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2138987071.0000000002BDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BDE000
|
| Size: |
8192
|
|
|
9F64FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2211680315.00000009F64FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F64FE000
|
| Size: |
8192
|
|
|
178E3D97000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156680095.00000178E3D97000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D97000
|
| Size: |
4096
|
|
|
F51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2136918166.0000000000F51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F51000
|
| Size: |
122880
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
9F760B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214066413.00000009F760B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F760B000
|
| Size: |
20480
|
|
|
3CFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383082171.0000000003CFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CFE000
|
| Size: |
8192
|
|
|
2780000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2291881086.0000000002780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2780000
|
| Size: |
16384
|
|
|
7D40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2186525461.0000000007D40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D40000
|
| Size: |
8192
|
|
|
FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2135888994.0000000000FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FA1000
|
| Size: |
8192
|
|
|
4DF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3384431873.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DF0000
|
| Size: |
4096
|
|
|
4A3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2285002261.0000000004A3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A3F000
|
| Size: |
4096
|
|
|
7FFD343B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2301291148.00007FFD343B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FFD343B0000
|
| Size: |
4096
|
|
|
FCD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134699122.0000000000FCD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FCD000
|
| Size: |
32768
|
|
|
493E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284980276.000000000493E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
493E000
|
| Size: |
8192
|
|
|
132E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2242960244.000000000132E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
132E000
|
| Size: |
8192
|
|
|
F9F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2135215914.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F9F000
|
| Size: |
4096
|
|
|
7FA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2139473663.00000000007FA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7FA000
|
| Size: |
24576
|
|
|
178E3D24000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157697425.00000178E3D24000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D24000
|
| Size: |
8192
|
|
|
FA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2138892083.0000000000FA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FA5000
|
| Size: |
28672
|
|
|
2F8C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244110771.0000000002F8C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F8C000
|
| Size: |
16384
|
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2186002075.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
53248
|
|
|
2A3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382249380.0000000002A3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A3E000
|
| Size: |
8192
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780497711.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
4CBB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3384353769.0000000004CBB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CBB000
|
| Size: |
20480
|
|
|
1056000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2132821630.0000000001056000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1056000
|
| Size: |
20480
|
|
|
FA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2135888994.0000000000FA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FA4000
|
| Size: |
32768
|
|
|
7DF48E240000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2299983476.00007DF48E240000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7DF48E240000
|
| Size: |
4096
|
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2185211353.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
53248
|
|
|
1154000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2291663716.0000000001154000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1154000
|
| Size: |
8192
|
|
|
178E3D80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156680095.00000178E3D80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D80000
|
| Size: |
4096
|
|
|
320F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292456157.000000000320F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
320F000
|
| Size: |
4096
|
|
|
10C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131015658.00000000010C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10C6000
|
| Size: |
16384
|
|
|
2F0D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134122875.0000000002F0D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F0D000
|
| Size: |
8192
|
|
|
3B3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284405558.0000000003B3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B3F000
|
| Size: |
4096
|
|
|
60EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2142048847.00000000060EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60EE000
|
| Size: |
8192
|
|
|
6434000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135079985.0000000006434000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6434000
|
| Size: |
4096
|
|
|
534F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3385171642.000000000534F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
534F000
|
| Size: |
4096
|
|
|
6BCB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183905829.0000000006BCB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6BCB000
|
| Size: |
20480
|
|
|
7FFD344D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2303500809.00007FFD344D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD344D0000
|
| Size: |
65536
|
|
|
5600000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2318441074.0000000005600000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5600000
|
| Size: |
4096
|
|
|
9F6A3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2212097813.00000009F6A3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F6A3E000
|
| Size: |
8192
|
|
|
7146000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185343200.0000000007146000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7146000
|
| Size: |
20480
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2208953297.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
7FFD34500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2303972306.00007FFD34500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34500000
|
| Size: |
65536
|
|
|
180E5B59000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155597970.00000180E5B59000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
180E5B59000
|
| Size: |
4096
|
|
|
428E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293160728.000000000428E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
428E000
|
| Size: |
8192
|
|
|
307E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382531699.000000000307E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
307E000
|
| Size: |
8192
|
|
|
119E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2283535140.000000000119E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
119E000
|
| Size: |
8192
|
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2195151534.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
53248
|
|
|
3F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383154314.0000000003F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F3E000
|
| Size: |
8192
|
|
|
16AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244056338.00000000016AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16AF000
|
| Size: |
4096
|
|
|
638C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135301990.000000000638C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
638C000
|
| Size: |
4096
|
|
|
FC7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134787507.0000000000FC7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FC7000
|
| Size: |
24576
|
|
|
4AB9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179500896.0000000004AB9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4AB9000
|
| Size: |
413696
|
|
|
13043620000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2242544847.0000013043620000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13043620000
|
| Size: |
65536
|
|
|
549F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3385214169.000000000549F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
549F000
|
| Size: |
4096
|
|
|
178E3D39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2153567609.00000178E3D39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D39000
|
| Size: |
155648
|
|
|
4F90000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2317618010.0000000004F90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F90000
|
| Size: |
4096
|
|
|
F22000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000002.2242542910.0000000000F22000.00000080.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F22000
|
| Size: |
1712128
|
|
|
1025000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2132473830.0000000001025000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1025000
|
| Size: |
77824
|
|
|
178E3D12000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2154892959.00000178E3D12000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D12000
|
| Size: |
81920
|
|
|
178E3CD1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157548082.00000178E3CD1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CD1000
|
| Size: |
24576
|
|
|
178E3D84000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156680095.00000178E3D84000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D84000
|
| Size: |
73728
|
|
|
DBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2139499538.0000000000DBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBF000
|
| Size: |
4096
|
|
|
180E5E21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155538755.00000180E5E21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5E21000
|
| Size: |
16384
|
|
|
680000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.2139240247.0000000000680000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
680000
|
| Size: |
4096
|
|
|
36CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244410100.00000000036CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36CF000
|
| Size: |
4096
|
|
|
4E50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3384612301.0000000004E50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E50000
|
| Size: |
4096
|
|
|
6C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178572455.00000000006C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C0000
|
| Size: |
4096
|
|
|
2848000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178696280.0000000002848000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2848000
|
| Size: |
143360
|
|
|
55E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2318378374.00000000055E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55E0000
|
| Size: |
4096
|
|
|
35CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292615452.00000000035CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35CF000
|
| Size: |
4096
|
|
|
422D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2179082808.000000000422D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
422D000
|
| Size: |
8192
|
|
|
7FFD342B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2300665751.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FFD342B0000
|
| Size: |
36864
|
|
|
2A60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178944881.0000000002A60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
8192
|
|
|
3BBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383020821.0000000003BBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BBE000
|
| Size: |
8192
|
|
|
398F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292775858.000000000398F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
398F000
|
| Size: |
4096
|
|
|
C69000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2241934247.0000000000C69000.00000004.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C69000
|
| Size: |
4096
|
|
|
55F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2318409468.00000000055F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55F0000
|
| Size: |
4096
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2229535793.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780782480.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
C00000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000000.2206651987.0000000000C00000.00000002.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C00000
|
| Size: |
4096
|
|
|
317F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382555408.000000000317F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
317F000
|
| Size: |
4096
|
|
|
628F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135614519.000000000628F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
628F000
|
| Size: |
4096
|
|
|
FAC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2135142371.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FAC000
|
| Size: |
8192
|
|
|
100E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134047171.000000000100E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
100E000
|
| Size: |
20480
|
|
|
970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2751580179.0000000000970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
53248
|
|
|
4ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2316144894.0000000004ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4ACE000
|
| Size: |
8192
|
|
|
358F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244352093.000000000358F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
358F000
|
| Size: |
4096
|
|
|
45CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315630079.00000000045CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45CE000
|
| Size: |
8192
|
|
|
5580000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2140520102.0000000005580000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5580000
|
| Size: |
4096
|
|
|
1154000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2283482560.0000000001154000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1154000
|
| Size: |
8192
|
|
|
70A0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2185113920.00000000070A0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
70A0000
|
| Size: |
4096
|
|
|
130454B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2250918928.00000130454B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
130454B2000
|
| Size: |
1720320
|
|
|
147E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2243891109.000000000147E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147E000
|
| Size: |
61440
|
|
|
7E00000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2187066084.0000000007E00000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7E00000
|
| Size: |
8192
|
|
|
4C1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293420538.0000000004C1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C1F000
|
| Size: |
4096
|
|
|
3D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292937768.0000000003D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D4E000
|
| Size: |
8192
|
|
|
3500000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140926116.0000000003500000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3500000
|
| Size: |
8192
|
|
|
4E00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3384452034.0000000004E00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E00000
|
| Size: |
4096
|
|
|
840000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3379531743.0000000000840000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
840000
|
| Size: |
4096
|
|
|
BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2282532950.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
4096
|
|
|
1450000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214477293.0000000001450000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
98304
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2243694179.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
14FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2306937227.00000000014FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14FD000
|
| Size: |
12288
|
|
|
3CBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383061036.0000000003CBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CBF000
|
| Size: |
4096
|
|
|
5140000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000003.2241998182.0000000005140000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5140000
|
| Size: |
4096
|
|
|
7E10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2187476126.0000000007E10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E10000
|
| Size: |
4096
|
|
|
4F8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2317520626.0000000004F8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F8F000
|
| Size: |
4096
|
|
|
DFB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2305433391.0000000000DFB000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DFB000
|
| Size: |
913408
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
13045431000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2250918928.0000013045431000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13045431000
|
| Size: |
516096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FFD343AA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2301106483.00007FFD343AA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD343AA000
|
| Size: |
24576
|
|
|
43CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293225632.00000000043CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43CE000
|
| Size: |
8192
|
|
|
715E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2213865901.000000000715E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
715E000
|
| Size: |
4096
|
|
|
13055440000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2291519677.0000013055440000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13055440000
|
| Size: |
360448
|
|
|
F72000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2128948525.0000000000F72000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F72000
|
| Size: |
4096
|
|
|
180E5B70000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2157967065.00000180E5B70000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
180E5B70000
|
| Size: |
4096
|
|
|
C90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000E.00000000.2225288053.0000000000C90000.00000002.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C90000
|
| Size: |
4096
|
|
|
277E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2291732941.000000000277E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
277E000
|
| Size: |
8192
|
|
|
2F2D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139350673.0000000002F2D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F2D000
|
| Size: |
36864
|
|
|
557E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2140432841.000000000557E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
557E000
|
| Size: |
8192
|
|
|
6D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184021008.0000000006D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D4E000
|
| Size: |
8192
|
|
|
7DAD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2186552923.0000000007DAD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7DAD000
|
| Size: |
12288
|
|
|
44CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245032628.00000000044CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44CE000
|
| Size: |
8192
|
|
|
E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2139663391.0000000000E60000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E60000
|
| Size: |
4096
|
|
|
4C30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000003.2250997970.0000000004C30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C30000
|
| Size: |
4096
|
|
|
3BCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314319260.0000000003BCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BCE000
|
| Size: |
8192
|
|
|
F6E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3380831318.0000000000F6E000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F6E000
|
| Size: |
106496
|
|
|
C69000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000C.00000000.2207902836.0000000000C69000.00000008.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
C69000
|
| Size: |
4096
|
|
|
4C60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000003.2250797447.0000000004C60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C60000
|
| Size: |
4096
|
|
|
2F17000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2133555080.0000000002F17000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F17000
|
| Size: |
126976
|
|
|
FFC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140367981.0000000000FFC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FFC000
|
| Size: |
4096
|
|
|
6285000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135140886.0000000006285000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6285000
|
| Size: |
20480
|
|
|
9A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3380192255.00000000009A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9A0000
|
| Size: |
36864
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2779565408.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
178E3D39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157697425.00000178E3D39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D39000
|
| Size: |
155648
|
|
|
5060000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2189448468.0000000005060000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5060000
|
| Size: |
159744
|
|
|
FBE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2128005630.0000000000FBE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FBE000
|
| Size: |
4096
|
|
|
4DBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3384377108.0000000004DBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DBF000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2206735335.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
10D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2130012944.00000000010D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D6000
|
| Size: |
159744
|
|
|
5210000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245469863.0000000005210000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5210000
|
| Size: |
4096
|
|
|
C00000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2305208019.0000000000C00000.00000004.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C00000
|
| Size: |
4096
|
|
|
4AD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2250349774.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4AD0000
|
| Size: |
53248
|
|
|
704C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184659889.000000000704C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
704C000
|
| Size: |
12288
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780913097.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
4670000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179396005.0000000004670000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
4096
|
|
|
70D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185180955.00000000070D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70D2000
|
| Size: |
16384
|
|
|
178E3D12000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2152125587.00000178E3D12000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D12000
|
| Size: |
147456
|
|
|
6A2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183736114.0000000006A2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6A2E000
|
| Size: |
8192
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781538760.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
F53000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2127967144.0000000000F53000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F53000
|
| Size: |
311296
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780638174.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
6815000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2183510618.0000000006815000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
6815000
|
| Size: |
8192
|
|
|
FAD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140315685.0000000000FAD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FAD000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780041263.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
1670000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307602342.0000000001670000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1670000
|
| Size: |
36864
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2764082750.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
3B0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292856913.0000000003B0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B0E000
|
| Size: |
8192
|
|
|
3E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2290869246.00000000003E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3E5000
|
| Size: |
8192
|
|
|
109C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131092283.000000000109C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
109C000
|
| Size: |
28672
|
|
|
4C7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3384297995.0000000004C7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C7C000
|
| Size: |
16384
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781151852.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
327F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284081361.000000000327F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
327F000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781179851.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
1305D88B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2299092908.000001305D88B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D88B000
|
| Size: |
8192
|
|
|
147B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214477293.000000000147B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147B000
|
| Size: |
8192
|
|
|
4B81000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2238873133.0000000004B81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B81000
|
| Size: |
221184
|
|
|
10BC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131300556.00000000010BC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10BC000
|
| Size: |
12288
|
|
|
CF2000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000013.00000000.2739723935.0000000000CF2000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
CF2000
|
| Size: |
16384
|
|
|
420F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244894822.000000000420F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
420F000
|
| Size: |
4096
|
|
|
9D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2241528624.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D0000
|
| Size: |
8192
|
|
|
480F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315759807.000000000480F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
480F000
|
| Size: |
4096
|
|
|
76B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2290974312.000000000076B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76B000
|
| Size: |
131072
|
|
|
2A70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178967570.0000000002A70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A70000
|
| Size: |
24576
|
|
|
4CB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2293571237.0000000004CB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CB0000
|
| Size: |
4096
|
|
|
4A80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2241412742.0000000004A80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A80000
|
| Size: |
163840
|
|
|
334E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244276090.000000000334E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
334E000
|
| Size: |
8192
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2764025860.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
84F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2246105112.00000000084F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
84F0000
|
| Size: |
16384
|
|
|
178E3D22000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2154998399.00000178E3D22000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D22000
|
| Size: |
16384
|
|
|
562D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3385348919.000000000562D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
562D000
|
| Size: |
12288
|
|
|
A00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2138815867.0000000000A00000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A00000
|
| Size: |
4096
|
|
|
2F17000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134376480.0000000002F17000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F17000
|
| Size: |
126976
|
|
|
400E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293067124.000000000400E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
400E000
|
| Size: |
8192
|
|
|
3ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244600943.0000000003ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ACE000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2243730347.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
180E5F35000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155465561.00000180E5F35000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
180E5F35000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2206608366.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780581598.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
4230000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179099391.0000000004230000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4230000
|
| Size: |
32768
|
|
|
108F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2138831515.000000000108F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
108F000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
CFB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2282845499.0000000000CFB000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CFB000
|
| Size: |
1626112
|
|
|
7FFD344F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2303850736.00007FFD344F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD344F0000
|
| Size: |
65536
|
|
|
2F4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244082374.0000000002F4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F4F000
|
| Size: |
4096
|
|
|
2EFC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139306327.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EFC000
|
| Size: |
32768
|
|
|
37FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382874413.00000000037FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37FE000
|
| Size: |
8192
|
|
|
178E3C88000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157419191.00000178E3C88000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3C88000
|
| Size: |
20480
|
|
|
109C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131188520.000000000109C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
109C000
|
| Size: |
28672
|
|
|
1200000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2283579065.0000000001200000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1200000
|
| Size: |
4096
|
|
|
2DE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000003.2241971254.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2DE0000
|
| Size: |
4096
|
|
|
4B81000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2243652751.0000000004B81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B81000
|
| Size: |
49152
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781329617.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
2F38000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134975387.0000000002F38000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F38000
|
| Size: |
20480
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2764137327.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
46FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383903797.00000000046FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46FE000
|
| Size: |
8192
|
|
|
178E3D1C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156003922.00000178E3D1C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D1C000
|
| Size: |
8192
|
|
|
CF9000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000E.00000000.2225395998.0000000000CF9000.00000008.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
CF9000
|
| Size: |
4096
|
|
|
6720000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2183240505.0000000006720000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6720000
|
| Size: |
36864
|
|
|
6C8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183946425.0000000006C8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C8E000
|
| Size: |
8192
|
|
|
47BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284889186.00000000047BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47BF000
|
| Size: |
4096
|
|
|
FFC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134962228.0000000000FFC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FFC000
|
| Size: |
4096
|
|
|
703A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184618544.000000000703A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
703A000
|
| Size: |
57344
|
|
|
32BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284104223.00000000032BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32BE000
|
| Size: |
8192
|
|
|
6383000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135301990.0000000006383000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6383000
|
| Size: |
4096
|
|
|
324E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2309704337.000000000324E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
324E000
|
| Size: |
8192
|
|
|
7FFD34210000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2300392871.00007FFD34210000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34210000
|
| Size: |
4096
|
|
|
5170000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2285255810.0000000005170000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5170000
|
| Size: |
4096
|
|
|
FB1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2291195771.0000000000FB1000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FB1000
|
| Size: |
4096
|
|
|
146C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214477293.000000000146C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
146C000
|
| Size: |
57344
|
|
|
2ED2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139188893.0000000002ED2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2ED2000
|
| Size: |
122880
|
|
|
50B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245379172.00000000050B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50B0000
|
| Size: |
4096
|
|
|
4E80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3384677030.0000000004E80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E80000
|
| Size: |
4096
|
|
|
1071000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131092283.0000000001071000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1071000
|
| Size: |
147456
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
BE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2282504057.0000000000BE0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BE0000
|
| Size: |
4096
|
|
|
3ECE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293017094.0000000003ECE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ECE000
|
| Size: |
8192
|
|
|
5590000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2318123369.0000000005590000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5590000
|
| Size: |
4096
|
|
|
4A8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179500896.0000000004A8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A8F000
|
| Size: |
143360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
393E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382923810.000000000393E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
393E000
|
| Size: |
8192
|
|
|
9F647E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2211647504.00000009F647E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F647E000
|
| Size: |
8192
|
|
|
72D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2186018982.00000000072D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72D0000
|
| Size: |
65536
|
|
|
4678000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179396005.0000000004678000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4678000
|
| Size: |
12288
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2216636613.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
685E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183581227.000000000685E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
685E000
|
| Size: |
8192
|
|
|
430F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315496791.000000000430F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
430F000
|
| Size: |
4096
|
|
|
4C21000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2183287714.0000000004C21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C21000
|
| Size: |
49152
|
|
|
C80000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2282586173.0000000000C80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C80000
|
| Size: |
4096
|
|
|
4C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2316206386.0000000004C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C0E000
|
| Size: |
8192
|
|
|
5150000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000003.2241841510.0000000005150000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5150000
|
| Size: |
4096
|
|
|
13043370000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214760806.0000013043370000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13043370000
|
| Size: |
16384
|
|
|
C90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3380663317.0000000000C90000.00000004.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C90000
|
| Size: |
4096
|
|
|
384E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244484742.000000000384E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
384E000
|
| Size: |
8192
|
|
|
886F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2246190464.000000000886F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
886F000
|
| Size: |
4096
|
|
|
1650000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2257691986.0000000001650000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
53248
|
|
|
6646000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214404403.0000000006646000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6646000
|
| Size: |
4096
|
|
|
37BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284295339.00000000037BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37BE000
|
| Size: |
8192
|
|
|
72E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2186074531.00000000072E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72E0000
|
| Size: |
65536
|
|
|
2F17000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139350673.0000000002F17000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F17000
|
| Size: |
86016
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780823970.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2205714747.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
5570000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000003.2265371357.0000000005570000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5570000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2207978125.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2746765283.0000000000970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
53248
|
|
|
4E40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3384586630.0000000004E40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E40000
|
| Size: |
4096
|
|
|
17EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140795785.00000000017EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17EE000
|
| Size: |
8192
|
|
|
178E3C40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157230441.00000178E3C40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178E3C40000
|
| Size: |
4096
|
|
|
2E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139010559.0000000002E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E00000
|
| Size: |
4096
|
|
|
638000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178526674.0000000000638000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
638000
|
| Size: |
32768
|
|
|
F6E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2291195771.0000000000F6E000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F6E000
|
| Size: |
106496
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2214642278.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
37BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382839292.00000000037BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37BF000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2220160001.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
4C40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000003.2250917441.0000000004C40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C40000
|
| Size: |
4096
|
|
|
180E5E3B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2158035560.00000180E5E3B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5E3B000
|
| Size: |
20480
|
|
|
107E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131152430.000000000107E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
107E000
|
| Size: |
94208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
EEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2139742644.0000000000EEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EEE000
|
| Size: |
8192
|
|
|
930000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3379683037.0000000000930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
930000
|
| Size: |
4096
|
|
|
73E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2290935693.000000000073E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
73E000
|
| Size: |
8192
|
|
|
2A77000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178967570.0000000002A77000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A77000
|
| Size: |
24576
|
|
|
2FCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292374801.0000000002FCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FCE000
|
| Size: |
8192
|
|
|
130434A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2215482006.00000130434A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
130434A4000
|
| Size: |
110592
|
|
|
55A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2318185960.00000000055A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55A0000
|
| Size: |
4096
|
|
|
4220000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179016351.0000000004220000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4220000
|
| Size: |
12288
|
|
|
1200000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2240494657.0000000001200000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1200000
|
| Size: |
53248
|
|
|
70F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185287213.00000000070F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70F0000
|
| Size: |
4096
|
|
|
F53000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2127863884.0000000000F53000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F53000
|
| Size: |
53248
|
|
|
4B7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2285076129.0000000004B7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B7F000
|
| Size: |
4096
|
|
|
10AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2138976135.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10AA000
|
| Size: |
12288
|
|
|
3C4D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292915256.0000000003C4D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C4D000
|
| Size: |
12288
|
|
|
5FEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2141365302.0000000005FEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5FEE000
|
| Size: |
8192
|
|
|
546C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2140191599.000000000546C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
546C000
|
| Size: |
16384
|
|
|
7FFD34470000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2302721917.00007FFD34470000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34470000
|
| Size: |
65536
|
|
|
7FFD341F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2300016939.00007FFD341F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD341F2000
|
| Size: |
4096
|
|
|
7140000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185343200.0000000007140000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7140000
|
| Size: |
20480
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2206667024.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
1492000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2210506665.0000000001492000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1492000
|
| Size: |
4096
|
|
|
57A15FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157077283.00000057A15FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57A15FE000
|
| Size: |
8192
|
|
|
2ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292155950.0000000002ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2ACE000
|
| Size: |
8192
|
|
|
2F4E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2136619255.0000000002F4E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F4E000
|
| Size: |
32768
|
|
|
FB1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2282845499.0000000000FB1000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FB1000
|
| Size: |
4096
|
|
|
72B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185925654.00000000072B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72B0000
|
| Size: |
65536
|
|
|
F70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2139161732.0000000000F70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F70000
|
| Size: |
8192
|
|
|
130433C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214937707.00000130433C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
130433C0000
|
| Size: |
28672
|
|
|
178E3BE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157186080.00000178E3BE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3BE0000
|
| Size: |
8192
|
|
|
7000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184472961.0000000007000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7000000
|
| Size: |
32768
|
|
|
10E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140755104.00000000010E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10E7000
|
| Size: |
90112
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2763642731.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
FF6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134343371.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FF6000
|
| Size: |
61440
|
|
|
147E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2215627968.000000000147E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147E000
|
| Size: |
200704
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2196479141.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
1479000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2210785951.0000000001479000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1479000
|
| Size: |
4096
|
|
|
6D51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184043707.0000000006D51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D51000
|
| Size: |
40960
|
|
|
F40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2139001646.0000000000F40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
16384
|
|
|
7FFD341FD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2300166591.00007FFD341FD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FFD341FD000
|
| Size: |
12288
|
|
|
7160000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214312502.0000000007160000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7160000
|
| Size: |
8192
|
|
|
4F8B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3384699437.0000000004F8B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F8B000
|
| Size: |
20480
|
|
|
178E3CBE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2153879605.00000178E3CBE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CBE000
|
| Size: |
102400
|
|
|
1650000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2262044589.0000000001650000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
53248
|
|
|
146D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2243830568.000000000146D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
146D000
|
| Size: |
53248
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2293725107.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
643F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135079985.000000000643F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
643F000
|
| Size: |
4096
|
|
|
6730000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183284203.0000000006730000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6730000
|
| Size: |
65536
|
|
|
7E20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2187513502.0000000007E20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E20000
|
| Size: |
12288
|
|
|
178E3D39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2152125587.00000178E3D39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D39000
|
| Size: |
159744
|
|
|
6FA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184226821.0000000006FA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FA0000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2208995032.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
3FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178500430.00000000003FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FC000
|
| Size: |
16384
|
|
|
862B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2246129386.000000000862B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
862B000
|
| Size: |
20480
|
|
|
7055000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184708837.0000000007055000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7055000
|
| Size: |
8192
|
|
|
1340000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2242988016.0000000001340000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
20480
|
|
|
4C32000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245320009.0000000004C32000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C32000
|
| Size: |
8192
|
|
|
FA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2135176566.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FA0000
|
| Size: |
12288
|
|
|
2DFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382434062.0000000002DFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DFE000
|
| Size: |
8192
|
|
|
7DEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2186579999.0000000007DEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7DEE000
|
| Size: |
8192
|
|
|
4247000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179142343.0000000004247000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4247000
|
| Size: |
8192
|
|
|
1068000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131092283.0000000001068000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1068000
|
| Size: |
32768
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2245566292.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2183479462.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
51F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2285435271.00000000051F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51F0000
|
| Size: |
4096
|
|
|
53D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2250949094.00000000053D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53D0000
|
| Size: |
163840
|
|
|
13A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2243163483.00000000013A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A0000
|
| Size: |
4096
|
|
|
13B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2243186358.00000000013B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13B0000
|
| Size: |
49152
|
|
|
13043360000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214589665.0000013043360000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13043360000
|
| Size: |
4096
|
|
|
6750000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2143005441.0000000006750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6750000
|
| Size: |
8192
|
|
|
6E50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184176241.0000000006E50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E50000
|
| Size: |
4096
|
|
|
178E3C80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157419191.00000178E3C80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3C80000
|
| Size: |
28672
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2744513972.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
49152
|
|
|
7FFD34310000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2300895035.00007FFD34310000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FFD34310000
|
| Size: |
28672
|
|
|
178E3D27000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157697425.00000178E3D27000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D27000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
1304605D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2250918928.000001304605D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1304605D000
|
| Size: |
5435392
|
|
|
8B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3379565498.00000000008B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8B0000
|
| Size: |
4096
|
|
|
2EF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2133806451.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EF1000
|
| Size: |
81920
|
|
|
513F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2285207120.000000000513F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
513F000
|
| Size: |
4096
|
|
|
742000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.2139326890.0000000000742000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
742000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2245517712.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
4096
|
|
|
F60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2128187478.0000000000F60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F60000
|
| Size: |
610304
|
|
|
1056000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2138792799.0000000001056000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1056000
|
| Size: |
20480
|
|
|
69DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2143067159.00000000069DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
69DB000
|
| Size: |
20480
|
|
|
344F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244299272.000000000344F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
344F000
|
| Size: |
4096
|
|
|
178E3D0E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2152125587.00000178E3D0E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D0E000
|
| Size: |
8192
|
|
|
57A18FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157099374.00000057A18FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57A18FB000
|
| Size: |
20480
|
|
|
46BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284863176.00000000046BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46BE000
|
| Size: |
8192
|
|
|
51E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2285412069.00000000051E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51E0000
|
| Size: |
4096
|
|
|
55D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2318314589.00000000055D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55D0000
|
| Size: |
4096
|
|
|
1305D4F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2298481155.000001305D4F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D4F4000
|
| Size: |
40960
|
|
|
2A8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292133491.0000000002A8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A8F000
|
| Size: |
4096
|
|
|
970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2757000914.0000000000970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
53248
|
|
|
3470000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140898716.0000000003470000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3470000
|
| Size: |
4096
|
|
|
4C60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000003.2250766339.0000000004C60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C60000
|
| Size: |
4096
|
|
|
4630000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2244525087.0000000004630000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
53248
|
|
|
2D7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2283728148.0000000002D7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D7F000
|
| Size: |
4096
|
|
|
4C21000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2203475506.0000000004C21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C21000
|
| Size: |
49152
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2196613097.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
9F6836000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2211884520.00000009F6836000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F6836000
|
| Size: |
40960
|
|
|
4721000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179500896.0000000004721000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4721000
|
| Size: |
380928
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1689000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307602342.0000000001689000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1689000
|
| Size: |
77824
|
|
|
4641000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2252317263.0000000004641000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4641000
|
| Size: |
4096
|
|
|
4A8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2316115052.0000000004A8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A8F000
|
| Size: |
4096
|
|
|
390F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312655791.000000000390F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
390F000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781358157.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
178E3D12000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155928209.00000178E3D12000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D12000
|
| Size: |
49152
|
|
|
6FA8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184226821.0000000006FA8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FA8000
|
| Size: |
28672
|
|
|
1494000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2211005963.0000000001494000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1494000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
663E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245831448.000000000663E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
663E000
|
| Size: |
8192
|
|
|
C90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2282606552.0000000000C90000.00000004.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C90000
|
| Size: |
4096
|
|
|
5230000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.2201679923.0000000005230000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5230000
|
| Size: |
4096
|
|
|
50FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245405781.00000000050FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50FE000
|
| Size: |
8192
|
|
|
5610000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2318472761.0000000005610000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5610000
|
| Size: |
4096
|
|
|
6290000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135211975.0000000006290000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6290000
|
| Size: |
12288
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2208178564.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
7FFD34510000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2304094001.00007FFD34510000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34510000
|
| Size: |
12288
|
|
|
4A7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2285039937.0000000004A7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A7E000
|
| Size: |
8192
|
|
|
3F8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244773010.0000000003F8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F8F000
|
| Size: |
4096
|
|
|
1650000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2259360531.0000000001650000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
53248
|
|
|
7FFD342D6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2300739152.00007FFD342D6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FFD342D6000
|
| Size: |
73728
|
|
|
10D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140587063.00000000010D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D1000
|
| Size: |
20480
|
|
|
2CBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382379185.0000000002CBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CBE000
|
| Size: |
8192
|
|
|
3CBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284477743.0000000003CBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CBE000
|
| Size: |
8192
|
|
|
F9E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2135006944.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F9E000
|
| Size: |
110592
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2237772409.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
2F57000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2133555080.0000000002F57000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F57000
|
| Size: |
110592
|
|
|
C90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000000.2214400299.0000000000C90000.00000002.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C90000
|
| Size: |
4096
|
|
|
628C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135140886.000000000628C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
628C000
|
| Size: |
28672
|
|
|
417F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284635443.000000000417F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
417F000
|
| Size: |
4096
|
|
|
C80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000003.2762227965.0000000000C80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C80000
|
| Size: |
4096
|
|
|
178E3CBE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157517208.00000178E3CBE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CBE000
|
| Size: |
73728
|
|
|
82B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2188303300.00000000082B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
82B5000
|
| Size: |
36864
|
|
|
147B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2210785951.000000000147B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147B000
|
| Size: |
4096
|
|
|
6FCA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184329689.0000000006FCA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FCA000
|
| Size: |
90112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4BCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2316176651.0000000004BCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BCF000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780882703.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
4DE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000003.2761885338.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DE0000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2764192142.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
539E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3385192760.000000000539E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
539E000
|
| Size: |
8192
|
|
|
1650000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2258522548.0000000001650000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
53248
|
|
|
6280000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2142262729.0000000006280000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6280000
|
| Size: |
4096
|
|
|
434F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244953221.000000000434F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
434F000
|
| Size: |
4096
|
|
|
443E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284767614.000000000443E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
443E000
|
| Size: |
8192
|
|
|
3FCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293043087.0000000003FCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FCF000
|
| Size: |
4096
|
|
|
970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2748425738.0000000000970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
53248
|
|
|
6FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2290914726.00000000006FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FD000
|
| Size: |
12288
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2779792360.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
F70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2139036796.0000000000F70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F70000
|
| Size: |
8192
|
|
|
477F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179500896.000000000477F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
477F000
|
| Size: |
999424
|
|
|
303F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382509656.000000000303F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
303F000
|
| Size: |
4096
|
|
|
147B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214690771.000000000147B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147B000
|
| Size: |
8192
|
|
|
F70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140224450.0000000000F70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F70000
|
| Size: |
8192
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781480501.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
57A11FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157023785.00000057A11FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57A11FE000
|
| Size: |
8192
|
|
|
46CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179437211.00000000046CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46CC000
|
| Size: |
16384
|
|
|
4800000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3384008990.0000000004800000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4800000
|
| Size: |
4096
|
|
|
71C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.2139326890.000000000071C000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
71C000
|
| Size: |
151552
|
|
|
F44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2128040835.0000000000F44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F44000
|
| Size: |
45056
|
|
|
2D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292269395.0000000002D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D4E000
|
| Size: |
8192
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2214843713.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
3A4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2313188699.0000000003A4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A4F000
|
| Size: |
4096
|
|
|
4641000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2248202453.0000000004641000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4641000
|
| Size: |
4096
|
|
|
617E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2142075654.000000000617E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
617E000
|
| Size: |
8192
|
|
|
348E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244326253.000000000348E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
348E000
|
| Size: |
8192
|
|
|
2E8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292315876.0000000002E8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E8E000
|
| Size: |
8192
|
|
|
11CA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2242793172.00000000011CA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11CA000
|
| Size: |
24576
|
|
|
12EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2242889778.00000000012EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12EE000
|
| Size: |
8192
|
|
|
35C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2290820546.000000000035C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35C000
|
| Size: |
16384
|
|
|
EF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2139826525.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EF0000
|
| Size: |
4096
|
|
|
3A8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314258847.0000000003A8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A8E000
|
| Size: |
8192
|
|
|
FAE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2135100638.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FAE000
|
| Size: |
28672
|
|
|
5240000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.2201604633.0000000005240000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5240000
|
| Size: |
4096
|
|
|
4E8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2317492272.0000000004E8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E8E000
|
| Size: |
8192
|
|
|
FA1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2282845499.0000000000FA1000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FA1000
|
| Size: |
45056
|
|
|
3ACF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292831142.0000000003ACF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ACF000
|
| Size: |
4096
|
|
|
2DF7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2283893769.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DF7000
|
| Size: |
8192
|
|
|
2F57000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2136619255.0000000002F57000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F57000
|
| Size: |
110592
|
|
|
8AE7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2211431929.0000000008AE7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8AE7000
|
| Size: |
524288
|
|
|
C62000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000C.00000000.2206692647.0000000000C62000.00000080.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C62000
|
| Size: |
16384
|
|
|
4240000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179142343.0000000004240000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4240000
|
| Size: |
16384
|
|
|
2F38000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134376480.0000000002F38000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F38000
|
| Size: |
20480
|
|
|
6281000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135614519.0000000006281000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6281000
|
| Size: |
4096
|
|
|
70BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2246078755.00000000070BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
70BE000
|
| Size: |
8192
|
|
|
FCA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134909399.0000000000FCA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FCA000
|
| Size: |
12288
|
|
|
41CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315432503.00000000041CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41CF000
|
| Size: |
4096
|
|
|
42BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284687467.00000000042BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42BF000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2196568570.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
503E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2285182352.000000000503E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
503E000
|
| Size: |
8192
|
|
|
FF8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134572230.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FF8000
|
| Size: |
12288
|
|
|
43FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284744197.00000000043FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43FF000
|
| Size: |
4096
|
|
|
725D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185514188.000000000725D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
725D000
|
| Size: |
12288
|
|
|
1304658D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2250918928.000001304658D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1304658D000
|
| Size: |
6287360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
494F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315851096.000000000494F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
494F000
|
| Size: |
4096
|
|
|
457F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383504833.000000000457F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
457F000
|
| Size: |
4096
|
|
|
438F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293197347.000000000438F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
438F000
|
| Size: |
4096
|
|
|
3F8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315347906.0000000003F8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F8E000
|
| Size: |
8192
|
|
|
178E3D0E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156108200.00000178E3D0E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D0E000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2238943493.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
180E5F80000
|
trusted library allocation
|
page execute
|
|
|
|
| Name: |
00000008.00000003.2154592554.00000180E5F80000.00000010.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute
|
| Base address: |
180E5F80000
|
| Size: |
4096
|
|
|
F9A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3380831318.0000000000F9A000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F9A000
|
| Size: |
24576
|
|
|
876E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2246169599.000000000876E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
876E000
|
| Size: |
8192
|
|
|
45A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179217594.00000000045A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45A2000
|
| Size: |
12288
|
|
|
178E3D99000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156680095.00000178E3D99000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D99000
|
| Size: |
12288
|
|
|
7270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185577627.0000000007270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7270000
|
| Size: |
61440
|
|
|
72A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185877933.00000000072A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72A0000
|
| Size: |
65536
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2220291564.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
320E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2309651567.000000000320E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
320E000
|
| Size: |
8192
|
|
|
1650000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2244811103.0000000001650000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
53248
|
|
|
89A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2138735234.000000000089A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
89A000
|
| Size: |
24576
|
|
|
51B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2285346831.00000000051B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51B0000
|
| Size: |
4096
|
|
|
F54000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2139161732.0000000000F54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F54000
|
| Size: |
110592
|
|
|
F20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140018043.0000000000F20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F20000
|
| Size: |
24576
|
|
|
3B7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382999386.0000000003B7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B7F000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2763898317.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781242804.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
5180000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2285277970.0000000005180000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5180000
|
| Size: |
4096
|
|
|
3250000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2309807207.0000000003250000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3250000
|
| Size: |
4096
|
|
|
7330000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2186325237.0000000007330000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7330000
|
| Size: |
65536
|
|
|
178E3DA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156680095.00000178E3DA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3DA1000
|
| Size: |
4096
|
|
|
32BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382634475.00000000032BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32BF000
|
| Size: |
4096
|
|
|
4AB3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179500896.0000000004AB3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4AB3000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4E97000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2136007301.0000000004E97000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E97000
|
| Size: |
4096
|
|
|
C90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2291084942.0000000000C90000.00000004.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C90000
|
| Size: |
4096
|
|
|
1305549D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2291519677.000001305549D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1305549D000
|
| Size: |
1282048
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
380F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244457510.000000000380F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
380F000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780855307.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
1056000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134047171.0000000001056000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1056000
|
| Size: |
20480
|
|
|
6FE7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184329689.0000000006FE7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FE7000
|
| Size: |
45056
|
|
|
13043407000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2215482006.0000013043407000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13043407000
|
| Size: |
12288
|
|
|
40BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383221249.00000000040BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40BE000
|
| Size: |
8192
|
|
|
180E5A90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157896685.00000180E5A90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5A90000
|
| Size: |
4096
|
|
|
4F91000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2266796293.0000000004F91000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F91000
|
| Size: |
49152
|
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2192066085.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
53248
|
|
|
544E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2317829600.000000000544E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
544E000
|
| Size: |
8192
|
|
|
38BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284321318.00000000038BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38BF000
|
| Size: |
4096
|
|
|
7DF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2186852560.0000000007DF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DF0000
|
| Size: |
4096
|
|
|
420E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315467357.000000000420E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
420E000
|
| Size: |
8192
|
|
|
2E70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139074066.0000000002E70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E70000
|
| Size: |
4096
|
|
|
750000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178643842.0000000000750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
750000
|
| Size: |
12288
|
|
|
50B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2197714077.00000000050B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50B0000
|
| Size: |
53248
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2763514481.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
7150000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214312502.0000000007150000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7150000
|
| Size: |
4096
|
|
|
4630000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2247990416.0000000004630000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
53248
|
|
|
A80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2138901014.0000000000A80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A80000
|
| Size: |
4096
|
|
|
310E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292431627.000000000310E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
310E000
|
| Size: |
8192
|
|
|
2F57000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135030590.0000000002F57000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F57000
|
| Size: |
110592
|
|
|
FD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134682629.0000000000FD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FD5000
|
| Size: |
45056
|
|
|
180E5E38000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155351508.00000180E5E38000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5E38000
|
| Size: |
32768
|
|
|
8230000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2188267402.0000000008230000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8230000
|
| Size: |
32768
|
|
|
C62000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2241822249.0000000000C62000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C62000
|
| Size: |
20480
|
|
|
71C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2127360233.000000000071C000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
71C000
|
| Size: |
151552
|
|
|
47FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383987975.00000000047FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47FF000
|
| Size: |
4096
|
|
|
15AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244033329.00000000015AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15AE000
|
| Size: |
8192
|
|
|
5240000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.2201570882.0000000005240000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5240000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2779858648.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
180E5E39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155422289.00000180E5E39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5E39000
|
| Size: |
28672
|
|
|
51A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2285322875.00000000051A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51A0000
|
| Size: |
4096
|
|
|
460F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293298374.000000000460F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
460F000
|
| Size: |
4096
|
|
|
147E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214477293.000000000147E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147E000
|
| Size: |
200704
|
|
|
2EAA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139107349.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EAA000
|
| Size: |
20480
|
|
|
42FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284718418.00000000042FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42FE000
|
| Size: |
8192
|
|
|
4710000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2179480257.0000000004710000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4710000
|
| Size: |
4096
|
|
|
CF2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2291105783.0000000000CF2000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CF2000
|
| Size: |
20480
|
|
|
2F38000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2133555080.0000000002F38000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F38000
|
| Size: |
20480
|
|
|
10DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140608369.00000000010DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10DD000
|
| Size: |
12288
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780121458.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2763547004.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780553362.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
1305D863000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2299092908.000001305D863000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D863000
|
| Size: |
118784
|
|
|
458F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315606681.000000000458F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
458F000
|
| Size: |
4096
|
|
|
338E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292530875.000000000338E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
338E000
|
| Size: |
8192
|
|
|
7320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2186268738.0000000007320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7320000
|
| Size: |
65536
|
|
|
FFC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134572230.0000000000FFC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FFC000
|
| Size: |
4096
|
|
|
52A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2245606517.00000000052A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52A0000
|
| Size: |
4096
|
|
|
3FCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244800611.0000000003FCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FCE000
|
| Size: |
8192
|
|
|
2A4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178921914.0000000002A4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A4E000
|
| Size: |
8192
|
|
|
484F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245153031.000000000484F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
484F000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780998047.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
30CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292407838.00000000030CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30CF000
|
| Size: |
4096
|
|
|
498E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2316083296.000000000498E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
498E000
|
| Size: |
8192
|
|
|
5290000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2245586343.0000000005290000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5290000
|
| Size: |
4096
|
|
|
4D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2316506675.0000000004D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D0F000
|
| Size: |
4096
|
|
|
2878000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178696280.0000000002878000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2878000
|
| Size: |
368640
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
10BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140514323.00000000010BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10BE000
|
| Size: |
4096
|
|
|
52E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2245737291.00000000052E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52E0000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780151087.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
178E3CF2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2154892959.00000178E3CF2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CF2000
|
| Size: |
106496
|
|
|
760000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2290974312.0000000000760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
760000
|
| Size: |
36864
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2220265101.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
4E70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3384652301.0000000004E70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E70000
|
| Size: |
4096
|
|
|
970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2752468701.0000000000970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
53248
|
|
|
1450000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2215594544.0000000001450000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
86016
|
|
|
68CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245935818.00000000068CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
68CE000
|
| Size: |
8192
|
|
|
F9A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2282845499.0000000000F9A000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F9A000
|
| Size: |
24576
|
|
|
7FFD34400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2301785065.00007FFD34400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34400000
|
| Size: |
65536
|
|
|
3C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244645046.0000000003C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C0E000
|
| Size: |
8192
|
|
|
C62000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2305233285.0000000000C62000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C62000
|
| Size: |
20480
|
|
|
357E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382769952.000000000357E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
357E000
|
| Size: |
8192
|
|
|
474E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245128265.000000000474E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
474E000
|
| Size: |
8192
|
|
|
5729000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2182361859.0000000005729000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5729000
|
| Size: |
4096
|
|
|
DFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2139499538.0000000000DFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DFE000
|
| Size: |
8192
|
|
|
6291000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135614519.0000000006291000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6291000
|
| Size: |
8192
|
|
|
10A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131072588.00000000010A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A3000
|
| Size: |
40960
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2230535575.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
DDB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2139499538.0000000000DDB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DDB000
|
| Size: |
20480
|
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2187616586.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
53248
|
|
|
1305D4FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2298481155.000001305D4FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D4FF000
|
| Size: |
20480
|
|
|
B6D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2282000379.0000000000B6D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B6D000
|
| Size: |
12288
|
|
|
4B81000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2220087180.0000000004B81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B81000
|
| Size: |
49152
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2209052279.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
681000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.2139262773.0000000000681000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
681000
|
| Size: |
634880
|
|
|
470F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245105719.000000000470F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
470F000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780752671.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
10C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2130800991.00000000010C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10C6000
|
| Size: |
16384
|
|
|
FCA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2135058834.0000000000FCA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FCA000
|
| Size: |
4096
|
|
|
147E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214796543.000000000147E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147E000
|
| Size: |
200704
|
|
|
450E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293274469.000000000450E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
450E000
|
| Size: |
8192
|
|
|
9F758F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2213103802.00000009F758F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F758F000
|
| Size: |
4096
|
|
|
7FFD3420B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2300251834.00007FFD3420B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD3420B000
|
| Size: |
4096
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2245544425.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
4096
|
|
|
180E5E39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155772802.00000180E5E39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5E39000
|
| Size: |
28672
|
|
|
5570000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000003.2265293643.0000000005570000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5570000
|
| Size: |
4096
|
|
|
2F0D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2133806451.0000000002F0D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F0D000
|
| Size: |
8192
|
|
|
4C0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245299173.0000000004C0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C0F000
|
| Size: |
4096
|
|
|
13055431000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2291519677.0000013055431000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13055431000
|
| Size: |
53248
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781300346.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
3EFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284545273.0000000003EFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EFF000
|
| Size: |
4096
|
|
|
180E5B51000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155597970.00000180E5B51000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
180E5B51000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2205467903.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
434E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315526479.000000000434E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
434E000
|
| Size: |
8192
|
|
|
5240000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.2201525161.0000000005240000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5240000
|
| Size: |
4096
|
|
|
384F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292715590.000000000384F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
384F000
|
| Size: |
4096
|
|
|
178E3D24000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156003922.00000178E3D24000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D24000
|
| Size: |
8192
|
|
|
3270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000003.2265456924.0000000003270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3270000
|
| Size: |
4096
|
|
|
F0A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2241963594.0000000000F0A000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F0A000
|
| Size: |
24576
|
|
|
10E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2130419813.00000000010E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10E0000
|
| Size: |
118784
|
|
|
7009000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184506287.0000000007009000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7009000
|
| Size: |
24576
|
|
|
6391000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135301990.0000000006391000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6391000
|
| Size: |
20480
|
|
|
1044000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2132239401.0000000001044000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1044000
|
| Size: |
36864
|
|
|
4630000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2238673525.0000000004630000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
53248
|
|
|
4ACF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245255957.0000000004ACF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4ACF000
|
| Size: |
4096
|
|
|
F21000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000C.00000000.2207983975.0000000000F21000.00000080.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F21000
|
| Size: |
1732608
|
|
|
13BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2243186358.00000000013BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13BE000
|
| Size: |
245760
|
|
|
5560000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000003.2265427837.0000000005560000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5560000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2183405354.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
1305D897000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2299092908.000001305D897000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D897000
|
| Size: |
278528
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2F38000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134122875.0000000002F38000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F38000
|
| Size: |
20480
|
|
|
398E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244538957.000000000398E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
398E000
|
| Size: |
8192
|
|
|
130433C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214937707.00000130433C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
130433C8000
|
| Size: |
36864
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2262328259.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2238985093.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
19AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2309380498.00000000019AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19AF000
|
| Size: |
4096
|
|
|
41BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284663734.00000000041BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41BE000
|
| Size: |
8192
|
|
|
1650000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2248323347.0000000001650000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
53248
|
|
|
2E4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292290600.0000000002E4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E4F000
|
| Size: |
4096
|
|
|
7FFD344E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2303723537.00007FFD344E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD344E0000
|
| Size: |
65536
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2209313266.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
7FFD34550000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2304480918.00007FFD34550000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34550000
|
| Size: |
8192
|
|
|
13044E70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2246588507.0000013044E70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13044E70000
|
| Size: |
36864
|
|
|
178E3EAE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157849111.00000178E3EAE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3EAE000
|
| Size: |
4096
|
|
|
FAA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140293460.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FAA000
|
| Size: |
8192
|
|
|
4E90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2136007301.0000000004E90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E90000
|
| Size: |
4096
|
|
|
FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2135215914.0000000000FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FA1000
|
| Size: |
8192
|
|
|
2B90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2138936697.0000000002B90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B90000
|
| Size: |
16384
|
|
|
4FCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3384904321.0000000004FCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FCE000
|
| Size: |
8192
|
|
|
FB1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3380831318.0000000000FB1000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FB1000
|
| Size: |
4096
|
|
|
C69000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2305396368.0000000000C69000.00000004.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C69000
|
| Size: |
4096
|
|
|
7035000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184592706.0000000007035000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7035000
|
| Size: |
12288
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2196321850.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
343E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382712481.000000000343E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
343E000
|
| Size: |
8192
|
|
|
4630000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2245408237.0000000004630000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
53248
|
|
|
4CAF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135861012.0000000004CAF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CAF000
|
| Size: |
4096
|
|
|
3D0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314375684.0000000003D0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D0E000
|
| Size: |
8192
|
|
|
13044E13000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2245431744.0000013044E13000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13044E13000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2763758733.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
34FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139676219.00000000034FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34FE000
|
| Size: |
8192
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2233811729.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
A6C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2281965073.0000000000A6C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A6C000
|
| Size: |
16384
|
|
|
5550000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000003.2265402151.0000000005550000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5550000
|
| Size: |
4096
|
|
|
13043635000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2244548484.0000013043635000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13043635000
|
| Size: |
40960
|
|
|
3E8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244749200.0000000003E8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E8E000
|
| Size: |
8192
|
|
|
180E5F20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155465561.00000180E5F20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
180E5F20000
|
| Size: |
4096
|
|
|
627E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2142202169.000000000627E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
627E000
|
| Size: |
8192
|
|
|
990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2760752130.0000000000990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
990000
|
| Size: |
53248
|
|
|
2F3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2133555080.0000000002F3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3E000
|
| Size: |
98304
|
|
|
4610000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293321649.0000000004610000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4610000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781111891.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
3F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284566807.0000000003F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F3E000
|
| Size: |
8192
|
|
|
147B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2243891109.000000000147B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147B000
|
| Size: |
8192
|
|
|
74E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178622247.000000000074E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
74E000
|
| Size: |
8192
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2223660816.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
4CA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135861012.0000000004CA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CA6000
|
| Size: |
32768
|
|
|
13044E10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2245431744.0000013044E10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13044E10000
|
| Size: |
8192
|
|
|
678E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245884431.000000000678E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
678E000
|
| Size: |
8192
|
|
|
7FFD34450000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2302488990.00007FFD34450000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34450000
|
| Size: |
65536
|
|
|
7FFD344A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2303103037.00007FFD344A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD344A0000
|
| Size: |
65536
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2215177492.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
F53000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2127836955.0000000000F53000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F53000
|
| Size: |
49152
|
|
|
EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2139680264.0000000000EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EAE000
|
| Size: |
8192
|
|
|
1056000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131785636.0000000001056000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1056000
|
| Size: |
20480
|
|
|
96D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3379745379.000000000096D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
96D000
|
| Size: |
4096
|
|
|
1411000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2243621470.0000000001411000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1411000
|
| Size: |
102400
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780469388.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
6A6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183759793.0000000006A6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6A6E000
|
| Size: |
8192
|
|
|
FB1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000013.00000000.2739802903.0000000000FB1000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FB1000
|
| Size: |
1732608
|
|
|
1210000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2283600926.0000000001210000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1210000
|
| Size: |
32768
|
|
|
EDE000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2241963594.0000000000EDE000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
EDE000
|
| Size: |
106496
|
|
|
1492000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2210712676.0000000001492000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1492000
|
| Size: |
40960
|
|
|
6AED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183812462.0000000006AED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6AED000
|
| Size: |
12288
|
|
|
F52000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2139036796.0000000000F52000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F52000
|
| Size: |
4096
|
|
|
298F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292107432.000000000298F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
298F000
|
| Size: |
4096
|
|
|
CF9000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2282716639.0000000000CF9000.00000004.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
CF9000
|
| Size: |
4096
|
|
|
37CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312376723.00000000037CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37CF000
|
| Size: |
4096
|
|
|
7280000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185614407.0000000007280000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7280000
|
| Size: |
65536
|
|
|
1154000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3382121776.0000000001154000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1154000
|
| Size: |
8192
|
|
|
180E5B53000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155597970.00000180E5B53000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
180E5B53000
|
| Size: |
4096
|
|
|
109C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140443766.000000000109C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
109C000
|
| Size: |
8192
|
|
|
46CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315696296.00000000046CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46CF000
|
| Size: |
4096
|
|
|
6ADD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2143098190.0000000006ADD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6ADD000
|
| Size: |
12288
|
|
|
1305D883000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2299092908.000001305D883000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D883000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
F70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2136918166.0000000000F70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F70000
|
| Size: |
8192
|
|
|
7FFD34430000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2302166684.00007FFD34430000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34430000
|
| Size: |
65536
|
|
|
4641000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2234593082.0000000004641000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4641000
|
| Size: |
49152
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2262237516.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
7FFD342A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2300486213.00007FFD342A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD342A0000
|
| Size: |
8192
|
|
|
101D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2133801419.000000000101D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
101D000
|
| Size: |
8192
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2220214019.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
1005000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134047171.0000000001005000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1005000
|
| Size: |
8192
|
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2184332330.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
53248
|
|
|
2FFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2283981204.0000000002FFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FFF000
|
| Size: |
4096
|
|
|
1305D4AB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2297512660.000001305D4AB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D4AB000
|
| Size: |
102400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7151000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2213865901.0000000007151000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7151000
|
| Size: |
4096
|
|
|
554F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2318038084.000000000554F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
554F000
|
| Size: |
4096
|
|
|
178E3C60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157252618.00000178E3C60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178E3C60000
|
| Size: |
4096
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2262496072.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
4F91000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2262164097.0000000004F91000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F91000
|
| Size: |
221184
|
|
|
10AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2130800991.00000000010AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10AD000
|
| Size: |
73728
|
|
|
7FFD34410000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2301896582.00007FFD34410000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34410000
|
| Size: |
65536
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781447713.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
388E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292749954.000000000388E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
388E000
|
| Size: |
8192
|
|
|
178E3CDE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157574129.00000178E3CDE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CDE000
|
| Size: |
36864
|
|
|
358F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2310710582.000000000358F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
358F000
|
| Size: |
4096
|
|
|
115C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2306674632.000000000115C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
115C000
|
| Size: |
16384
|
|
|
5150000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000003.2241872271.0000000005150000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5150000
|
| Size: |
4096
|
|
|
4D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2316546334.0000000004D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D4E000
|
| Size: |
8192
|
|
|
4876000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179500896.0000000004876000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4876000
|
| Size: |
2195456
|
|
|
4DC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3379470794.00000000004DC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DC000
|
| Size: |
16384
|
|
|
1464000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2210552363.0000000001464000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1464000
|
| Size: |
90112
|
|
|
4F91000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2214588233.0000000004F91000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F91000
|
| Size: |
49152
|
|
|
5240000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.2201139617.0000000005240000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5240000
|
| Size: |
8192
|
|
|
7FFD341F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2300099697.00007FFD341F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD341F4000
|
| Size: |
36864
|
|
|
10CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2130768592.00000000010CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10CA000
|
| Size: |
49152
|
|
|
5160000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2285233774.0000000005160000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5160000
|
| Size: |
4096
|
|
|
147A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2215627968.000000000147A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147A000
|
| Size: |
12288
|
|
|
13043390000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214845085.0000013043390000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13043390000
|
| Size: |
4096
|
|
|
9F6B3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2212209150.00000009F6B3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F6B3E000
|
| Size: |
8192
|
|
|
5570000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000003.2265242664.0000000005570000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5570000
|
| Size: |
4096
|
|
|
45A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179181827.00000000045A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45A0000
|
| Size: |
4096
|
|
|
377F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284274483.000000000377F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
377F000
|
| Size: |
4096
|
|
|
7FFD34390000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2300965703.00007FFD34390000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34390000
|
| Size: |
65536
|
|
|
178E3AE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157137036.00000178E3AE0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3AE0000
|
| Size: |
4096
|
|
|
178E3D24000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156058579.00000178E3D24000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D24000
|
| Size: |
8192
|
|
|
1240000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2283600926.0000000001240000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1240000
|
| Size: |
12288
|
|
|
1063000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131233791.0000000001063000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1063000
|
| Size: |
20480
|
|
|
FA1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2291195771.0000000000FA1000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FA1000
|
| Size: |
45056
|
|
|
F52000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140224450.0000000000F52000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F52000
|
| Size: |
4096
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000003.2762202104.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
101F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2132821630.000000000101F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
101F000
|
| Size: |
24576
|
|
|
35CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244377102.00000000035CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35CE000
|
| Size: |
8192
|
|
|
38FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382900337.00000000038FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38FF000
|
| Size: |
4096
|
|
|
7150000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185400183.0000000007150000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7150000
|
| Size: |
53248
|
|
|
1156000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000E.00000002.2291688170.0000000001156000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1156000
|
| Size: |
8192
|
|
|
E8B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2282845499.0000000000E8B000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E8B000
|
| Size: |
913408
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
286C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178696280.000000000286C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
286C000
|
| Size: |
45056
|
|
|
DFB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2241963594.0000000000DFB000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DFB000
|
| Size: |
913408
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
484E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315786200.000000000484E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
484E000
|
| Size: |
8192
|
|
|
1650000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2247450256.0000000001650000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
53248
|
|
|
130470DB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2250918928.00000130470DB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
130470DB000
|
| Size: |
1400832
|
|
|
57A10FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157002692.00000057A10FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57A10FE000
|
| Size: |
8192
|
|
|
6FF3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184435773.0000000006FF3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FF3000
|
| Size: |
49152
|
|
|
7FFD343D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2301506861.00007FFD343D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD343D2000
|
| Size: |
4096
|
|
|
178E3CBE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155025253.00000178E3CBE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CBE000
|
| Size: |
102400
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2214907532.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
C69000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000B.00000000.2177434553.0000000000C69000.00000008.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
C69000
|
| Size: |
4096
|
|
|
F11000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2241963594.0000000000F11000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F11000
|
| Size: |
45056
|
|
|
2C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292211513.0000000002C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C0E000
|
| Size: |
8192
|
|
|
52B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2245634755.00000000052B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52B0000
|
| Size: |
4096
|
|
|
F70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2138732936.0000000000F70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F70000
|
| Size: |
8192
|
|
|
147E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214690771.000000000147E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147E000
|
| Size: |
200704
|
|
|
39CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292805124.00000000039CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39CE000
|
| Size: |
8192
|
|
|
11DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2283557607.00000000011DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11DE000
|
| Size: |
8192
|
|
|
FFB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2134428679.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FFB000
|
| Size: |
40960
|
|
|
740000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2290955571.0000000000740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
740000
|
| Size: |
4096
|
|
|
57A0EFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2156984108.00000057A0EFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57A0EFE000
|
| Size: |
8192
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2232750044.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
4DE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000003.2761962759.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DE0000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2207877756.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
38FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284342381.00000000038FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38FE000
|
| Size: |
8192
|
|
|
3C7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284452956.0000000003C7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C7F000
|
| Size: |
4096
|
|
|
4820000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3384008990.0000000004820000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4820000
|
| Size: |
32768
|
|
|
3A7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382976228.0000000003A7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A7E000
|
| Size: |
8192
|
|
|
367E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284252753.000000000367E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
367E000
|
| Size: |
8192
|
|
|
36CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311922597.00000000036CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36CE000
|
| Size: |
8192
|
|
|
5240000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.2201486186.0000000005240000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5240000
|
| Size: |
4096
|
|
|
130453F0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2249534603.00000130453F0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
130453F0000
|
| Size: |
4096
|
|
|
6CCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183972169.0000000006CCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6CCE000
|
| Size: |
8192
|
|
|
9F693E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2211971761.00000009F693E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F693E000
|
| Size: |
8192
|
|
|
4DC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000003.2762179084.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DC0000
|
| Size: |
4096
|
|
|
F44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2135390670.0000000000F44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F44000
|
| Size: |
176128
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
178E3D24000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155928209.00000178E3D24000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D24000
|
| Size: |
8192
|
|
|
148D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2217115724.000000000148D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
148D000
|
| Size: |
139264
|
|
|
178E3C5D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156818091.00000178E3C5D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3C5D000
|
| Size: |
8192
|
|
|
167B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307602342.000000000167B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
167B000
|
| Size: |
53248
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780724443.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
FA3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2135120150.0000000000FA3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FA3000
|
| Size: |
45056
|
|
|
130433FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2215482006.00000130433FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
130433FF000
|
| Size: |
4096
|
|
|
4C70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2293446380.0000000004C70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C70000
|
| Size: |
4096
|
|
|
707A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2184991880.000000000707A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
707A000
|
| Size: |
151552
|
|
|
180E5E20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2158014907.00000180E5E20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5E20000
|
| Size: |
4096
|
|
|
324E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292478539.000000000324E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
324E000
|
| Size: |
8192
|
|
|
74C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2139380043.000000000074C000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
74C000
|
| Size: |
28672
|
|
|
1071000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131233791.0000000001071000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1071000
|
| Size: |
53248
|
|
|
178E3CDE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2154963184.00000178E3CDE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3CDE000
|
| Size: |
36864
|
|
|
7FFD34490000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2302968171.00007FFD34490000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34490000
|
| Size: |
65536
|
|
|
4E60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3384632807.0000000004E60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E60000
|
| Size: |
4096
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2214974054.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
2F0D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139328545.0000000002F0D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F0D000
|
| Size: |
8192
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2183358043.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
FB5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2135058834.0000000000FB5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FB5000
|
| Size: |
16384
|
|
|
674F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245860593.000000000674F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
674F000
|
| Size: |
4096
|
|
|
970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2757758964.0000000000970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
53248
|
|
|
2EF2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139282277.0000000002EF2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EF2000
|
| Size: |
32768
|
|
|
DCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2139499538.0000000000DCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DCE000
|
| Size: |
8192
|
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2188451233.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
53248
|
|
|
9F6779000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2211818519.00000009F6779000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F6779000
|
| Size: |
28672
|
|
|
4641000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2252270637.0000000004641000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4641000
|
| Size: |
49152
|
|
|
9F66FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2211792095.00000009F66FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F66FD000
|
| Size: |
12288
|
|
|
33BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284130775.00000000033BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33BF000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781509122.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
4C22000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2211038421.0000000004C22000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C22000
|
| Size: |
4096
|
|
|
103F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2132821630.000000000103F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
103F000
|
| Size: |
20480
|
|
|
178E3C8E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2157419191.00000178E3C8E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3C8E000
|
| Size: |
102400
|
|
|
3E4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244720803.0000000003E4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E4F000
|
| Size: |
4096
|
|
|
CF9000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000D.00000000.2214611544.0000000000CF9000.00000008.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
CF9000
|
| Size: |
4096
|
|
|
742000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2127360233.0000000000742000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
742000
|
| Size: |
40960
|
|
|
2EC8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139188893.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EC8000
|
| Size: |
36864
|
|
|
49CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245232610.00000000049CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49CE000
|
| Size: |
8192
|
|
|
FB2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2138927071.0000000000FB2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FB2000
|
| Size: |
12288
|
|
|
443F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383365626.000000000443F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
443F000
|
| Size: |
4096
|
|
|
407E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284610425.000000000407E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
407E000
|
| Size: |
8192
|
|
|
4630000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2246291660.0000000004630000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
53248
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2262361928.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
408F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315377838.000000000408F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
408F000
|
| Size: |
4096
|
|
|
688F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245910092.000000000688F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
688F000
|
| Size: |
4096
|
|
|
178E3D0F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155928209.00000178E3D0F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D0F000
|
| Size: |
4096
|
|
|
3250000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2264063965.0000000003250000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3250000
|
| Size: |
53248
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2764245449.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
1055000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131328781.0000000001055000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1055000
|
| Size: |
57344
|
|
|
55C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2318276680.00000000055C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55C0000
|
| Size: |
4096
|
|
|
1056000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2132239401.0000000001056000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1056000
|
| Size: |
20480
|
|
|
4B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293397687.0000000004B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B1E000
|
| Size: |
8192
|
|
|
1650000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2246228762.0000000001650000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
53248
|
|
|
180E5B55000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155597970.00000180E5B55000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
180E5B55000
|
| Size: |
12288
|
|
|
1474000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214796543.0000000001474000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1474000
|
| Size: |
24576
|
|
|
180E5E39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155538755.00000180E5E39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E5E39000
|
| Size: |
28672
|
|
|
367F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382792531.000000000367F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
367F000
|
| Size: |
4096
|
|
|
872C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2246149455.000000000872C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
872C000
|
| Size: |
16384
|
|
|
2F57000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134122875.0000000002F57000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F57000
|
| Size: |
110592
|
|
|
4FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2231627237.0000000004FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FC0000
|
| Size: |
163840
|
|
|
2DF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2283893769.0000000002DF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DF0000
|
| Size: |
16384
|
|
|
2DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000003.2242030656.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2DD0000
|
| Size: |
4096
|
|
|
4DE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000003.2761808663.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DE0000
|
| Size: |
8192
|
|
|
470E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179460151.000000000470E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
470E000
|
| Size: |
8192
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2208218925.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
4223000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2179032113.0000000004223000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4223000
|
| Size: |
4096
|
|
|
178E3D1F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2155928209.00000178E3D1F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D1F000
|
| Size: |
12288
|
|
|
42FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383293843.00000000042FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42FF000
|
| Size: |
4096
|
|
|
6B8D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183870910.0000000006B8D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B8D000
|
| Size: |
12288
|
|
|
CF9000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2291174044.0000000000CF9000.00000004.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
CF9000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2209342857.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
5046000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179500896.0000000005046000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5046000
|
| Size: |
569344
|
|
|
C91000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000E.00000000.2225312109.0000000000C91000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C91000
|
| Size: |
393216
|
|
|
330F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244247239.000000000330F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
330F000
|
| Size: |
4096
|
|
|
9E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3380192255.00000000009E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9E9000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
303E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284007213.000000000303E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
303E000
|
| Size: |
8192
|
|
|
5190000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.2285298997.0000000005190000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5190000
|
| Size: |
4096
|
|
|
3BCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244624750.0000000003BCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BCF000
|
| Size: |
4096
|
|
|
970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2745265637.0000000000970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
53248
|
|
|
1305D4EC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2298356914.000001305D4EC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1305D4EC000
|
| Size: |
28672
|
|
|
353E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284205545.000000000353E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
353E000
|
| Size: |
8192
|
|
|
FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2138134754.0000000000FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FB1000
|
| Size: |
16384
|
|
|
F10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2139856701.0000000000F10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F10000
|
| Size: |
20480
|
|
|
BA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2282402395.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA0000
|
| Size: |
16384
|
|
|
7FFD344B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2303224632.00007FFD344B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD344B0000
|
| Size: |
65536
|
|
|
680000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2127278144.0000000000680000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
680000
|
| Size: |
4096
|
|
|
320E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2244218422.000000000320E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
320E000
|
| Size: |
8192
|
|
|
3504000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140926116.0000000003504000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3504000
|
| Size: |
8192
|
|
|
45C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179279975.00000000045C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45C0000
|
| Size: |
4096
|
|
|
990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2761555556.0000000000990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
990000
|
| Size: |
53248
|
|
|
3E4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314433988.0000000003E4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E4E000
|
| Size: |
8192
|
|
|
970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2759436497.0000000000970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
53248
|
|
|
2F4E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139502152.0000000002F4E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F4E000
|
| Size: |
32768
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2183510110.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
2F38000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139350673.0000000002F38000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F38000
|
| Size: |
20480
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2207910787.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
4C90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2293512155.0000000004C90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C90000
|
| Size: |
4096
|
|
|
30BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139637218.00000000030BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30BE000
|
| Size: |
8192
|
|
|
10A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140465814.00000000010A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A1000
|
| Size: |
8192
|
|
|
109E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2138231150.000000000109E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
109E000
|
| Size: |
20480
|
|
|
524E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3385149913.000000000524E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
524E000
|
| Size: |
8192
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2235890091.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2759540498.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
192512
|
|
|
5194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139816031.0000000005194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5194000
|
| Size: |
8192
|
|
|
52C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2245658272.00000000052C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52C0000
|
| Size: |
4096
|
|
|
348F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2310670808.000000000348F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
348F000
|
| Size: |
4096
|
|
|
1401000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2243186358.0000000001401000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1401000
|
| Size: |
45056
|
|
|
109C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2138831515.000000000109C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
109C000
|
| Size: |
8192
|
|
|
7FFD34530000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2304264006.00007FFD34530000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34530000
|
| Size: |
40960
|
|
|
147C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2210712676.000000000147C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147C000
|
| Size: |
86016
|
|
|
69CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245979197.00000000069CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
69CF000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2203673100.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
E8B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2291195771.0000000000E8B000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E8B000
|
| Size: |
913408
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
FCA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2140337404.0000000000FCA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FCA000
|
| Size: |
4096
|
|
|
3C0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292883572.0000000003C0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C0F000
|
| Size: |
4096
|
|
|
689D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183604167.000000000689D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
689D000
|
| Size: |
12288
|
|
|
7FFD34540000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2304346627.00007FFD34540000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD34540000
|
| Size: |
65536
|
|
|
109C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131218009.000000000109C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
109C000
|
| Size: |
28672
|
|
|
32FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382657240.00000000032FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32FE000
|
| Size: |
8192
|
|
|
407F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383200753.000000000407F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
407F000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780324610.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
C6B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2305433391.0000000000C6B000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C6B000
|
| Size: |
1626112
|
|
|
9F61DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2211609798.00000009F61DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F61DE000
|
| Size: |
8192
|
|
|
2840000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178696280.0000000002840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2840000
|
| Size: |
28672
|
|
|
7FFD343F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2301664720.00007FFD343F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD343F0000
|
| Size: |
65536
|
|
|
6AAA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2183784426.0000000006AAA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6AAA000
|
| Size: |
24576
|
|
|
970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2746019523.0000000000970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
53248
|
|
|
18AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2309318365.00000000018AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
18AE000
|
| Size: |
8192
|
|
|
1650000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2218861972.0000000001650000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
53248
|
|
|
970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2756145092.0000000000970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
53248
|
|
|
4C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2191106983.0000000004C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
53248
|
|
|
2F3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139350673.0000000002F3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3E000
|
| Size: |
49152
|
|
|
102D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2132821630.000000000102D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
102D000
|
| Size: |
45056
|
|
|
E8B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3380831318.0000000000E8B000.00000040.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E8B000
|
| Size: |
913408
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7D10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2186389437.0000000007D10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D10000
|
| Size: |
4096
|
|
|
6397000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135301990.0000000006397000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6397000
|
| Size: |
4096
|
|
|
4E93000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2136007301.0000000004E93000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E93000
|
| Size: |
8192
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2195817847.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
13046B8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2250918928.0000013046B8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13046B8E000
|
| Size: |
1396736
|
|
|
4E4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2317454620.0000000004E4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E4F000
|
| Size: |
4096
|
|
|
4CD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2293626168.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CD0000
|
| Size: |
4096
|
|
|
7FFD342AC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2300591665.00007FFD342AC000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FFD342AC000
|
| Size: |
12288
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2779904880.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
BA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2220185256.0000000000BA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA4000
|
| Size: |
4096
|
|
|
7FFD343E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2301546483.00007FFD343E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FFD343E0000
|
| Size: |
28672
|
|
|
1088000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2131188520.0000000001088000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1088000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
317E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284057971.000000000317E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
317E000
|
| Size: |
8192
|
|
|
178E3D1F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2156003922.00000178E3D1F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
178E3D1F000
|
| Size: |
12288
|
|
|
A18000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3380192255.0000000000A18000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A18000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
34CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292584455.00000000034CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34CE000
|
| Size: |
8192
|
|
|
4640000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2293354525.0000000004640000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4640000
|
| Size: |
4096
|
|
|
5E4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2140812803.0000000005E4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E4E000
|
| Size: |
8192
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.3384510404.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
5570000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000003.2265171847.0000000005570000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5570000
|
| Size: |
8192
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2779950953.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
FB2000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000013.00000002.3381831543.0000000000FB2000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FB2000
|
| Size: |
1712128
|
|
|
C6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2291045798.0000000000C6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C6E000
|
| Size: |
8192
|
|
|
C62000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000000.2177363076.0000000000C62000.00000080.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C62000
|
| Size: |
16384
|
|
|
10C4000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2306546564.00000000010C4000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
10C4000
|
| Size: |
8192
|
|
|
2F57000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2134376480.0000000002F57000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F57000
|
| Size: |
110592
|
|
|
1439000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2243683154.0000000001439000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1439000
|
| Size: |
81920
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2780524755.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
50B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2198640066.00000000050B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50B0000
|
| Size: |
53248
|
|
|
F70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2135390670.0000000000F70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F70000
|
| Size: |
8192
|
|
|
4C60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000003.2250841650.0000000004C60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C60000
|
| Size: |
4096
|
|
|
461E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2179328004.000000000461E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
461E000
|
| Size: |
8192
|
|
|
13046CE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2250918928.0000013046CE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13046CE4000
|
| Size: |
4145152
|
|
|
47FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284917740.00000000047FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47FE000
|
| Size: |
8192
|
|
|
750000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.2127409621.0000000000750000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
750000
|
| Size: |
4096
|
|
|
3DBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284499241.0000000003DBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DBF000
|
| Size: |
4096
|
|
|
FB2000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000D.00000002.2283322228.0000000000FB2000.00000080.00000001.01000000.0000000F.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FB2000
|
| Size: |
1712128
|
|
|
2787000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2291881086.0000000002787000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2787000
|
| Size: |
8192
|
|
|
721E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185488873.000000000721E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
721E000
|
| Size: |
8192
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2781418707.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
6740000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2143005441.0000000006740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6740000
|
| Size: |
36864
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2208087273.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
4660000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.2179372426.0000000004660000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
4660000
|
| Size: |
4096
|
|
|
15F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2266858342.00000000015F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F4000
|
| Size: |
4096
|
|
|
6430000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2135079985.0000000006430000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6430000
|
| Size: |
4096
|
|
|
5F4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2140894318.0000000005F4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F4F000
|
| Size: |
4096
|
|
|
7E4D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2187513502.0000000007E4D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E4D000
|
| Size: |
4096
|
|
|
2F4B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2136619255.0000000002F4B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F4B000
|
| Size: |
8192
|
|
|
821E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2187916010.000000000821E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
821E000
|
| Size: |
8192
|
|
|
9F67BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2211856060.00000009F67BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F67BE000
|
| Size: |
8192
|
|
|
6645000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2214271383.0000000006645000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6645000
|
| Size: |
8192
|
|
|
CF9000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000013.00000000.2739784450.0000000000CF9000.00000008.00000001.01000000.0000000F.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
CF9000
|
| Size: |
4096
|
|
|
281E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2178669505.000000000281E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
281E000
|
| Size: |
8192
|
|
|
5190000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2139816031.0000000005190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5190000
|
| Size: |
8192
|
|
|
11F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2306808928.00000000011F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11F0000
|
| Size: |
4096
|
|
|
819E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2187776107.000000000819E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
819E000
|
| Size: |
8192
|
|
|
8220000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2187937193.0000000008220000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8220000
|
| Size: |
32768
|
|
|
374E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292692009.000000000374E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
374E000
|
| Size: |
8192
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2779505000.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
9F65FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2211747526.00000009F65FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F65FF000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2779731290.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
2BCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292185497.0000000002BCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BCF000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2209286132.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
40CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315405477.00000000040CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40CE000
|
| Size: |
8192
|
|
|
7290000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2185830855.0000000007290000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7290000
|
| Size: |
65536
|
|
|
4630000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2236722918.0000000004630000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
53248
|
|
|
55ED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3385293001.00000000055ED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55ED000
|
| Size: |
12288
|
|
|
15F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307247035.00000000015F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F0000
|
| Size: |
16384
|
|
|
1200000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2241509007.0000000001200000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1200000
|
| Size: |
53248
|
|
|
48FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2284953581.00000000048FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48FF000
|
| Size: |
4096
|
|
|
3F7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3383179424.0000000003F7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F7E000
|
| Size: |
8192
|
|
|
520E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3385065198.000000000520E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
520E000
|
| Size: |
8192
|
|
|
3E8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292990419.0000000003E8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E8F000
|
| Size: |
4096
|
|
|
A4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2138845785.0000000000A4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A4E000
|
| Size: |
8192
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2763845196.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
1007000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2133987067.0000000001007000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1007000
|
| Size: |
49152
|
|
|
1304344D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2215482006.000001304344D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1304344D000
|
| Size: |
352256
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2F8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2292343311.0000000002F8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F8F000
|
| Size: |
4096
|
|
|
4801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000003.2759601853.0000000004801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4801000
|
| Size: |
4096
|
|
|
488E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2245181507.000000000488E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
488E000
|
| Size: |
8192
|
|
|
C5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.2282560059.0000000000C5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C5E000
|
| Size: |
8192
|
|
|
31BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.3382575861.00000000031BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31BE000
|
| Size: |
8192
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2183430620.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.2206636967.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.2225412049.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
1304340D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2215482006.000001304340D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1304340D000
|
| Size: |
4096
|
|
|
130470D9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2250918928.00000130470D9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
130470D9000
|
| Size: |
4096
|
|
