|
8F2000
|
unkown
|
page readonly
|
 |
|
|
| Name: |
00000000.00000000.1166290466.00000000008F2000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8F2000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Yara detected Njrat |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| May infect USB drives |
Spreading |
Replication Through Removable Media
|
| Yara signature match |
System Summary |
|
|
|
2781000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625497704.0000000002781000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2781000
|
| Size: |
3428352
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Njrat |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| May infect USB drives |
Spreading |
Replication Through Removable Media
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
1400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239995654.0000000001400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1400000
|
| Size: |
4096
|
|
|
D27000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1613531033.0000000000D27000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
D27000
|
| Size: |
4096
|
|
|
A30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3623257014.0000000000A30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A30000
|
| Size: |
8192
|
|
|
C21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301071822.0000000000C21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C21000
|
| Size: |
139264
|
|
|
B10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625195470.0000000000B10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B10000
|
| Size: |
16384
|
|
|
50EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1533254816.00000000050EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50EE000
|
| Size: |
8192
|
|
|
597E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451928680.000000000597E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
597E000
|
| Size: |
8192
|
|
|
C1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303669432.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C1E000
|
| Size: |
331776
|
|
|
910000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1612914499.0000000000910000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
910000
|
| Size: |
24576
|
|
|
39D1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613746232.00000000039D1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39D1000
|
| Size: |
8192
|
|
|
2F71000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1533047049.0000000002F71000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F71000
|
| Size: |
8192
|
|
|
513F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240329818.000000000513F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
513F000
|
| Size: |
4096
|
|
|
C74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305234427.0000000000C74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C74000
|
| Size: |
12288
|
|
|
5208000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302462402.0000000005208000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5208000
|
| Size: |
16384
|
|
|
C2E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302077022.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C2E000
|
| Size: |
348160
|
|
|
C29000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305124908.0000000000C29000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C29000
|
| Size: |
8192
|
|
|
5ABF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451959209.0000000005ABF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5ABF000
|
| Size: |
4096
|
|
|
559F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1533465245.000000000559F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
559F000
|
| Size: |
4096
|
|
|
900000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1612896388.0000000000900000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
900000
|
| Size: |
4096
|
|
|
C40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301996111.0000000000C40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
135168
|
|
|
7DE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3622447332.00000000007DE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DE000
|
| Size: |
172032
|
|
|
1167000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1532607798.0000000001167000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1167000
|
| Size: |
4096
|
|
|
3894000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3626888108.0000000003894000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3894000
|
| Size: |
143360
|
|
|
C24000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303709918.0000000000C24000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C24000
|
| Size: |
307200
|
|
|
CD2000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1613289193.0000000000CD2000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CD2000
|
| Size: |
4096
|
|
|
D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532308438.0000000000D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D8E000
|
| Size: |
8192
|
|
|
503F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305708354.000000000503F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
503F000
|
| Size: |
4096
|
|
|
C30000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532147891.0000000000C30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C30000
|
| Size: |
4096
|
|
|
810000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1612857365.0000000000810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
810000
|
| Size: |
16384
|
|
|
C63000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302953979.0000000000C63000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C63000
|
| Size: |
49152
|
|
|
2FA1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240194580.0000000002FA1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
360448
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May infect USB drives |
Spreading |
Replication Through Removable Media
|
|
|
4B6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613823127.0000000004B6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B6E000
|
| Size: |
8192
|
|
|
14A2000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1451387615.00000000014A2000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
14A2000
|
| Size: |
12288
|
|
|
DC5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532341590.0000000000DC5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC5000
|
| Size: |
12288
|
|
|
EA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239203414.0000000000EA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EA0000
|
| Size: |
16384
|
|
|
12DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239755731.00000000012DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12DF000
|
| Size: |
4096
|
|
|
111F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532452733.000000000111F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
111F000
|
| Size: |
4096
|
|
|
C23000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305101799.0000000000C23000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C23000
|
| Size: |
4096
|
|
|
8D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3622936299.00000000008D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8D7000
|
| Size: |
8192
|
|
|
C77000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303934784.0000000000C77000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C77000
|
| Size: |
16384
|
|
|
C75000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301792069.0000000000C75000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C75000
|
| Size: |
40960
|
|
|
FC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451230145.0000000000FC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FC0000
|
| Size: |
4096
|
|
|
98B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1238974910.000000000098B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98B000
|
| Size: |
20480
|
|
|
4D80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3627944684.0000000004D80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D80000
|
| Size: |
229376
|
|
|
C06000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1304262241.0000000000C06000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C06000
|
| Size: |
77824
|
|
|
C62000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301895889.0000000000C62000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C62000
|
| Size: |
8192
|
|
|
34F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451732548.00000000034F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34F4000
|
| Size: |
131072
|
|
|
C6D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532163857.0000000000C6D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C6D000
|
| Size: |
65536
|
|
|
B5D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304803041.0000000000B5D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B5D000
|
| Size: |
12288
|
|
|
5AFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451973222.0000000005AFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5AFE000
|
| Size: |
8192
|
|
|
268E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613667258.000000000268E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
268E000
|
| Size: |
8192
|
|
|
C20000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532129820.0000000000C20000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
4096
|
|
|
EFA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1239378711.0000000000EFA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
EFA000
|
| Size: |
4096
|
|
|
CF6000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239088077.0000000000CF6000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CF6000
|
| Size: |
40960
|
|
|
4D70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3627944684.0000000004D70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D70000
|
| Size: |
36864
|
|
|
14DB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1451457753.00000000014DB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
14DB000
|
| Size: |
4096
|
|
|
C80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301699530.0000000000C80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C80000
|
| Size: |
12288
|
|
|
1130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532503944.0000000001130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1130000
|
| Size: |
8192
|
|
|
C74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302900913.0000000000C74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C74000
|
| Size: |
339968
|
|
|
C6D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1304342428.0000000000C6D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C6D000
|
| Size: |
8192
|
|
|
1056000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239538370.0000000001056000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1056000
|
| Size: |
319488
|
|
|
8FC000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1166310569.00000000008FC000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8FC000
|
| Size: |
4096
|
|
|
1A90000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1451685418.0000000001A90000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1A90000
|
| Size: |
4096
|
|
|
133E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451291754.000000000133E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
133E000
|
| Size: |
8192
|
|
|
515E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1614105099.000000000515E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
515E000
|
| Size: |
8192
|
|
|
C6D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301419645.0000000000C6D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C6D000
|
| Size: |
8192
|
|
|
1860000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451609791.0000000001860000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1860000
|
| Size: |
12288
|
|
|
2C1E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625497704.0000000002C1E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C1E000
|
| Size: |
675840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
14F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451468795.00000000014F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F8000
|
| Size: |
73728
|
|
|
11EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532656414.00000000011EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11EE000
|
| Size: |
8192
|
|
|
C2D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301263234.0000000000C2D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C2D000
|
| Size: |
90112
|
|
|
A70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3624876028.0000000000A70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A70000
|
| Size: |
4096
|
|
|
507E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305751247.000000000507E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
507E000
|
| Size: |
8192
|
|
|
EDA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1239281063.0000000000EDA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
EDA000
|
| Size: |
8192
|
|
|
8D3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3622936299.00000000008D3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8D3000
|
| Size: |
12288
|
|
|
C63000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301419645.0000000000C63000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C63000
|
| Size: |
36864
|
|
|
5204000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303841480.0000000005204000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5204000
|
| Size: |
8192
|
|
|
1410000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240055729.0000000001410000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1410000
|
| Size: |
4096
|
|
|
C7F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303103588.0000000000C7F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C7F000
|
| Size: |
294912
|
|
|
C2B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1304217730.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C2B000
|
| Size: |
81920
|
|
|
EF2000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1239350595.0000000000EF2000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
EF2000
|
| Size: |
20480
|
|
|
4788000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3627381324.0000000004788000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4788000
|
| Size: |
8192
|
|
|
51FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305876955.00000000051FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51FC000
|
| Size: |
4096
|
|
|
B70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625341045.0000000000B70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B70000
|
| Size: |
12288
|
|
|
2AF8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625497704.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AF8000
|
| Size: |
1064960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
C16000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1304323228.0000000000C16000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C16000
|
| Size: |
12288
|
|
|
2F74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1533047049.0000000002F74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F74000
|
| Size: |
131072
|
|
|
BD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304957849.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BD0000
|
| Size: |
24576
|
|
|
C7E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301207694.0000000000C7E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C7E000
|
| Size: |
20480
|
|
|
C6D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303153384.0000000000C6D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C6D000
|
| Size: |
8192
|
|
|
C42000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305172600.0000000000C42000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C42000
|
| Size: |
135168
|
|
|
C62000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301996111.0000000000C62000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C62000
|
| Size: |
4096
|
|
|
F27000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1239459878.0000000000F27000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F27000
|
| Size: |
4096
|
|
|
31AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451718621.00000000031AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31AE000
|
| Size: |
8192
|
|
|
51FB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302565173.00000000051FB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51FB000
|
| Size: |
8192
|
|
|
DCE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305383499.0000000000DCE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
DCE000
|
| Size: |
8192
|
|
|
1460000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1240138987.0000000001460000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1460000
|
| Size: |
4096
|
|
|
534D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240350166.000000000534D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
534D000
|
| Size: |
12288
|
|
|
A4A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3623346036.0000000000A4A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A4A000
|
| Size: |
8192
|
|
|
83C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3622447332.000000000083C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
83C000
|
| Size: |
266240
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
44F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451772371.00000000044F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44F1000
|
| Size: |
8192
|
|
|
112A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1532488312.000000000112A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
112A000
|
| Size: |
4096
|
|
|
CE6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1613408512.0000000000CE6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CE6000
|
| Size: |
4096
|
|
|
51F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302713228.00000000051F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51F1000
|
| Size: |
4096
|
|
|
C73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301225126.0000000000C73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C73000
|
| Size: |
45056
|
|
|
2F4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305460021.0000000002F4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F4E000
|
| Size: |
8192
|
|
|
C22000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1304303337.0000000000C22000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C22000
|
| Size: |
8192
|
|
|
7D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3622447332.00000000007D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D8000
|
| Size: |
16384
|
|
|
243F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625482280.000000000243F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
243F000
|
| Size: |
4096
|
|
|
C62000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301263234.0000000000C62000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C62000
|
| Size: |
69632
|
|
|
520B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1304199202.000000000520B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
520B000
|
| Size: |
12288
|
|
|
4BA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1613866289.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
4096
|
|
|
51F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302371834.00000000051F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51F7000
|
| Size: |
24576
|
|
|
C67000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301965078.0000000000C67000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C67000
|
| Size: |
32768
|
|
|
13C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451351042.00000000013C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C0000
|
| Size: |
16384
|
|
|
4E70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3628173105.0000000004E70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
65536
|
|
|
C21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303004927.0000000000C21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C21000
|
| Size: |
4096
|
|
|
C19000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301190750.0000000000C19000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C19000
|
| Size: |
32768
|
|
|
C66000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305206166.0000000000C66000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C66000
|
| Size: |
36864
|
|
|
1290000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532716627.0000000001290000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1290000
|
| Size: |
61440
|
|
|
A6A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3623522731.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A6A000
|
| Size: |
4096
|
|
|
5190000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1533350427.0000000005190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5190000
|
| Size: |
4096
|
|
|
14D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451435546.00000000014D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14D0000
|
| Size: |
4096
|
|
|
EE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239299639.0000000000EE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EE0000
|
| Size: |
24576
|
|
|
51D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305837231.00000000051D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51D0000
|
| Size: |
135168
|
|
|
51FD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302342120.00000000051FD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51FD000
|
| Size: |
61440
|
|
|
5BFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451988437.0000000005BFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5BFF000
|
| Size: |
4096
|
|
|
CC7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1304142707.0000000000CC7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CC7000
|
| Size: |
12288
|
|
|
1380000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1532903932.0000000001380000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1380000
|
| Size: |
4096
|
|
|
E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239156383.0000000000E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E5E000
|
| Size: |
8192
|
|
|
7F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1612839449.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F0000
|
| Size: |
4096
|
|
|
C7E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305283696.0000000000C7E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C7E000
|
| Size: |
282624
|
|
|
DA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532326072.0000000000DA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DA0000
|
| Size: |
4096
|
|
|
F1A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1239439197.0000000000F1A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F1A000
|
| Size: |
4096
|
|
|
C62000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301071822.0000000000C62000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C62000
|
| Size: |
135168
|
|
|
12EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532758404.00000000012EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12EE000
|
| Size: |
8192
|
|
|
4BEC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3627823904.0000000004BEC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BEC000
|
| Size: |
16384
|
|
|
EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239318866.0000000000EF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EF0000
|
| Size: |
8192
|
|
|
2BFF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625497704.0000000002BFF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BFF000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
C20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301622343.0000000000C20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
4096
|
|
|
776000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1612798615.0000000000776000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
776000
|
| Size: |
40960
|
|
|
573F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240769054.000000000573F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
573F000
|
| Size: |
4096
|
|
|
29D1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613688315.00000000029D1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29D1000
|
| Size: |
8192
|
|
|
13DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239831835.00000000013DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13DE000
|
| Size: |
8192
|
|
|
BBD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613206248.0000000000BBD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BBD000
|
| Size: |
12288
|
|
|
7E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1612820144.00000000007E0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E0000
|
| Size: |
4096
|
|
|
DC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613607968.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC0000
|
| Size: |
4096
|
|
|
4C9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613941604.0000000004C9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C9E000
|
| Size: |
8192
|
|
|
B00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625138427.0000000000B00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B00000
|
| Size: |
65536
|
|
|
4D6D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3627922255.0000000004D6D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D6D000
|
| Size: |
12288
|
|
|
9E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3623160265.00000000009E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9E0000
|
| Size: |
4096
|
|
|
C62000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301699530.0000000000C62000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C62000
|
| Size: |
61440
|
|
|
4C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613917555.0000000004C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
4EDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1614026333.0000000004EDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4EDE000
|
| Size: |
8192
|
|
|
51F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303491384.00000000051F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51F1000
|
| Size: |
12288
|
|
|
18A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451648912.00000000018A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18A0000
|
| Size: |
12288
|
|
|
14A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451376103.00000000014A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14A0000
|
| Size: |
8192
|
|
|
A87000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3625051018.0000000000A87000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A87000
|
| Size: |
4096
|
|
|
ED2000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1239264193.0000000000ED2000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
ED2000
|
| Size: |
4096
|
|
|
C3F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301539296.0000000000C3F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C3F000
|
| Size: |
16384
|
|
|
516E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1533331463.000000000516E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
516E000
|
| Size: |
8192
|
|
|
92D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1612914499.000000000092D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
92D000
|
| Size: |
57344
|
|
|
C6D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301451867.0000000000C6D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C6D000
|
| Size: |
8192
|
|
|
4B00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3627782511.0000000004B00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B00000
|
| Size: |
4096
|
|
|
A67000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3623493775.0000000000A67000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A67000
|
| Size: |
4096
|
|
|
B7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613188711.0000000000B7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B7F000
|
| Size: |
4096
|
|
|
C63000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302162832.0000000000C63000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C63000
|
| Size: |
131072
|
|
|
383F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3626888108.000000000383F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
383F000
|
| Size: |
143360
|
|
|
CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613371957.0000000000CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CE0000
|
| Size: |
8192
|
|
|
113C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1532556273.000000000113C000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
113C000
|
| Size: |
4096
|
|
|
C79000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305259288.0000000000C79000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C79000
|
| Size: |
8192
|
|
|
4F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305619760.0000000004F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F3E000
|
| Size: |
8192
|
|
|
A30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304636036.0000000000A30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A30000
|
| Size: |
16384
|
|
|
B5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625236409.0000000000B5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B5E000
|
| Size: |
8192
|
|
|
505E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1614084148.000000000505E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
505E000
|
| Size: |
8192
|
|
|
13A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451317532.00000000013A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13A0000
|
| Size: |
8192
|
|
|
4BAB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3627803085.0000000004BAB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BAB000
|
| Size: |
20480
|
|
|
1160000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532592043.0000000001160000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1160000
|
| Size: |
4096
|
|
|
A82000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625024839.0000000000A82000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A82000
|
| Size: |
4096
|
|
|
13F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1239910924.00000000013F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13F0000
|
| Size: |
8192
|
|
|
C80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301369034.0000000000C80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C80000
|
| Size: |
12288
|
|
|
4C6C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3627874329.0000000004C6C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C6C000
|
| Size: |
16384
|
|
|
CDA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1613309809.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CDA000
|
| Size: |
4096
|
|
|
14C2000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1451423185.00000000014C2000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
14C2000
|
| Size: |
4096
|
|
|
E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239179940.0000000000E60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E60000
|
| Size: |
12288
|
|
|
520D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305932236.000000000520D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
520D000
|
| Size: |
4096
|
|
|
C7F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301682661.0000000000C7F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C7F000
|
| Size: |
16384
|
|
|
BAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304866608.0000000000BAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BAE000
|
| Size: |
8192
|
|
|
9F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239009480.00000000009F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F0000
|
| Size: |
4096
|
|
|
A42000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3623302586.0000000000A42000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A42000
|
| Size: |
8192
|
|
|
520B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302670673.000000000520B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
520B000
|
| Size: |
4096
|
|
|
C09000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304957849.0000000000C09000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C09000
|
| Size: |
65536
|
|
|
4D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613987697.0000000004D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D9E000
|
| Size: |
8192
|
|
|
568E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451837250.000000000568E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
568E000
|
| Size: |
8192
|
|
|
C19000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302141175.0000000000C19000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C19000
|
| Size: |
32768
|
|
|
5207000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303841480.0000000005207000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5207000
|
| Size: |
28672
|
|
|
C7B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301843636.0000000000C7B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C7B000
|
| Size: |
16384
|
|
|
16EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451559894.00000000016EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16EF000
|
| Size: |
4096
|
|
|
B90000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3625408749.0000000000B90000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
B90000
|
| Size: |
8192
|
|
|
C6C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301401704.0000000000C6C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C6C000
|
| Size: |
12288
|
|
|
C63000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303995041.0000000000C63000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C63000
|
| Size: |
49152
|
|
|
C84000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532163857.0000000000C84000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C84000
|
| Size: |
4096
|
|
|
5690000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451851538.0000000005690000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5690000
|
| Size: |
4096
|
|
|
D10000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613511683.0000000000D10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D10000
|
| Size: |
12288
|
|
|
A7A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3624970909.0000000000A7A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A7A000
|
| Size: |
4096
|
|
|
1132000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1532519843.0000000001132000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1132000
|
| Size: |
12288
|
|
|
2C1C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625497704.0000000002C1C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C1C000
|
| Size: |
4096
|
|
|
ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625106948.0000000000ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ACE000
|
| Size: |
8192
|
|
|
4C2D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3627854955.0000000004C2D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C2D000
|
| Size: |
12288
|
|
|
C1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301318745.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C1E000
|
| Size: |
12288
|
|
|
14A6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1451387615.00000000014A6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
14A6000
|
| Size: |
4096
|
|
|
F6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239500931.0000000000F6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F6E000
|
| Size: |
8192
|
|
|
8F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1166271806.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8F0000
|
| Size: |
4096
|
|
|
C6F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301792069.0000000000C6F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C6F000
|
| Size: |
8192
|
|
|
C20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305080281.0000000000C20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
4096
|
|
|
FD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532417712.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FD0000
|
| Size: |
12288
|
|
|
501F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1614064738.000000000501F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
501F000
|
| Size: |
4096
|
|
|
F4B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451199798.0000000000F4B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F4B000
|
| Size: |
20480
|
|
|
C78000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302186806.0000000000C78000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C78000
|
| Size: |
45056
|
|
|
A4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613115593.0000000000A4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A4E000
|
| Size: |
8192
|
|
|
C67000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301895889.0000000000C67000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C67000
|
| Size: |
32768
|
|
|
C6C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302035625.0000000000C6C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C6C000
|
| Size: |
12288
|
|
|
370000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3622116952.0000000000370000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
370000
|
| Size: |
4096
|
|
|
E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239136377.0000000000E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E1E000
|
| Size: |
8192
|
|
|
558E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240448972.000000000558E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
558E000
|
| Size: |
8192
|
|
|
CC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613242105.0000000000CC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CC0000
|
| Size: |
8192
|
|
|
13E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239870766.00000000013E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13E0000
|
| Size: |
61440
|
|
|
CC3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303955693.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CC3000
|
| Size: |
8192
|
|
|
80D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3622447332.000000000080D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
80D000
|
| Size: |
188416
|
|
|
BD7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304957849.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BD7000
|
| Size: |
98304
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
8D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3622883837.00000000008D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8D0000
|
| Size: |
4096
|
|
|
C78000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301243113.0000000000C78000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C78000
|
| Size: |
24576
|
|
|
5206000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303649991.0000000005206000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5206000
|
| Size: |
32768
|
|
|
59BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451943456.00000000059BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59BE000
|
| Size: |
8192
|
|
|
577E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240824342.000000000577E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
577E000
|
| Size: |
8192
|
|
|
1300000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532835929.0000000001300000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1300000
|
| Size: |
4096
|
|
|
12A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532738214.00000000012A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A0000
|
| Size: |
12288
|
|
|
4780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3627381324.0000000004780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4780000
|
| Size: |
4096
|
|
|
29D4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613688315.00000000029D4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29D4000
|
| Size: |
131072
|
|
|
1A80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1451674269.0000000001A80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1A80000
|
| Size: |
4096
|
|
|
7CB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304528163.00000000007CB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7CB000
|
| Size: |
4096
|
|
|
F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532384499.0000000000F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F9E000
|
| Size: |
8192
|
|
|
C2A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301699530.0000000000C2A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C2A000
|
| Size: |
225280
|
|
|
C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532163857.0000000000C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C50000
|
| Size: |
24576
|
|
|
11A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532639503.00000000011A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11A0000
|
| Size: |
12288
|
|
|
5203000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302438613.0000000005203000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5203000
|
| Size: |
36864
|
|
|
38E9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3626888108.00000000038E9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38E9000
|
| Size: |
143360
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451351042.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
12288
|
|
|
9B6000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532109446.00000000009B6000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B6000
|
| Size: |
40960
|
|
|
1880000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451621809.0000000001880000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1880000
|
| Size: |
61440
|
|
|
517F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305798881.000000000517F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
517F000
|
| Size: |
4096
|
|
|
51FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302713228.00000000051FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51FC000
|
| Size: |
4096
|
|
|
C46000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301486579.0000000000C46000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C46000
|
| Size: |
8192
|
|
|
380000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3622179607.0000000000380000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
380000
|
| Size: |
8192
|
|
|
1524000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451468795.0000000001524000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1524000
|
| Size: |
126976
|
|
|
3E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3622235779.00000000003E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3E5000
|
| Size: |
8192
|
|
|
815000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1612857365.0000000000815000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
815000
|
| Size: |
12288
|
|
|
C6A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301451867.0000000000C6A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C6A000
|
| Size: |
8192
|
|
|
C7B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301369034.0000000000C7B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C7B000
|
| Size: |
12288
|
|
|
3781000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3626888108.0000000003781000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3781000
|
| Size: |
163840
|
|
|
9D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3623104352.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D0000
|
| Size: |
12288
|
|
|
BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304957849.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
90112
|
|
|
FF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451242704.0000000000FF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FF0000
|
| Size: |
12288
|
|
|
DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613626278.0000000000DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DE0000
|
| Size: |
12288
|
|
|
CCE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1304142707.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CCE000
|
| Size: |
4096
|
|
|
CCE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305361455.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CCE000
|
| Size: |
4096
|
|
|
59BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240969316.00000000059BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59BE000
|
| Size: |
8192
|
|
|
7D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3622447332.00000000007D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D0000
|
| Size: |
24576
|
|
|
EFC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1239399988.0000000000EFC000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
EFC000
|
| Size: |
4096
|
|
|
C2E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305145907.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C2E000
|
| Size: |
69632
|
|
|
C19000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303538797.0000000000C19000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C19000
|
| Size: |
745472
|
|
|
C22000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302838897.0000000000C22000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C22000
|
| Size: |
8192
|
|
|
5C6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1241552399.0000000005C6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C6E000
|
| Size: |
8192
|
|
|
1A7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451661343.0000000001A7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1A7E000
|
| Size: |
8192
|
|
|
918000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1612914499.0000000000918000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
918000
|
| Size: |
73728
|
|
|
587F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240902014.000000000587F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
587F000
|
| Size: |
4096
|
|
|
12F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1532818959.00000000012F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12F0000
|
| Size: |
4096
|
|
|
14F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451468795.00000000014F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F0000
|
| Size: |
24576
|
|
|
67B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1612754250.000000000067B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
67B000
|
| Size: |
20480
|
|
|
116B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1532623311.000000000116B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
116B000
|
| Size: |
4096
|
|
|
C62000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301539296.0000000000C62000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C62000
|
| Size: |
4096
|
|
|
B60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3625272341.0000000000B60000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
B60000
|
| Size: |
12288
|
|
|
2BFD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625497704.0000000002BFD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BFD000
|
| Size: |
4096
|
|
|
1640000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240173131.0000000001640000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1640000
|
| Size: |
16384
|
|
|
A20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3623202518.0000000000A20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A20000
|
| Size: |
12288
|
|
|
DC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532341590.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC0000
|
| Size: |
16384
|
|
|
4AC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305587765.0000000004AC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AC0000
|
| Size: |
40960
|
|
|
5201000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305912699.0000000005201000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5201000
|
| Size: |
8192
|
|
|
1830000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451597603.0000000001830000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1830000
|
| Size: |
4096
|
|
|
C7F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1304017459.0000000000C7F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C7F000
|
| Size: |
278528
|
|
|
C80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301792069.0000000000C80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C80000
|
| Size: |
12288
|
|
|
DBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613586808.0000000000DBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBE000
|
| Size: |
8192
|
|
|
1545000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451468795.0000000001545000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1545000
|
| Size: |
114688
|
|
|
A52000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3623428716.0000000000A52000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A52000
|
| Size: |
24576
|
|
|
C40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302974012.0000000000C40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
143360
|
|
|
FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532401746.0000000000FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
FC0000
|
| Size: |
8192
|
|
|
37EA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3626888108.00000000037EA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37EA000
|
| Size: |
147456
|
|
|
5B6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1241477445.0000000005B6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5B6E000
|
| Size: |
8192
|
|
|
FBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239521158.0000000000FBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FBE000
|
| Size: |
8192
|
|
|
544E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240380735.000000000544E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
544E000
|
| Size: |
8192
|
|
|
548E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240411412.000000000548E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
548E000
|
| Size: |
8192
|
|
|
512E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1533306661.000000000512E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
512E000
|
| Size: |
8192
|
|
|
C77000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303055207.0000000000C77000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C77000
|
| Size: |
327680
|
|
|
C46000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301539296.0000000000C46000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C46000
|
| Size: |
8192
|
|
|
FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451215827.0000000000FB0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FB0000
|
| Size: |
4096
|
|
|
C71000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302237477.0000000000C71000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C71000
|
| Size: |
28672
|
|
|
CE2000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1613408512.0000000000CE2000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CE2000
|
| Size: |
12288
|
|
|
D2B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1613549184.0000000000D2B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
D2B000
|
| Size: |
4096
|
|
|
13BA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1451339896.00000000013BA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13BA000
|
| Size: |
4096
|
|
|
7CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304528163.00000000007CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7CE000
|
| Size: |
8192
|
|
|
C64000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1304239653.0000000000C64000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C64000
|
| Size: |
45056
|
|
|
C69000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302213076.0000000000C69000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C69000
|
| Size: |
61440
|
|
|
5203000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303821636.0000000005203000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5203000
|
| Size: |
12288
|
|
|
C6F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301333595.0000000000C6F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C6F000
|
| Size: |
16384
|
|
|
A72000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3624927421.0000000000A72000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A72000
|
| Size: |
4096
|
|
|
14AC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1451410882.00000000014AC000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
14AC000
|
| Size: |
4096
|
|
|
150D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451468795.000000000150D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
150D000
|
| Size: |
65536
|
|
|
C75000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301699530.0000000000C75000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C75000
|
| Size: |
40960
|
|
|
A50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3623386453.0000000000A50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A50000
|
| Size: |
8192
|
|
|
C3F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303899855.0000000000C3F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C3F000
|
| Size: |
196608
|
|
|
587E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451916000.000000000587E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
587E000
|
| Size: |
8192
|
|
|
1136000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1532519843.0000000001136000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1136000
|
| Size: |
4096
|
|
|
C62000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301486579.0000000000C62000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C62000
|
| Size: |
4096
|
|
|
3146000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305507999.0000000003146000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3146000
|
| Size: |
36864
|
|
|
C2B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302791113.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C2B000
|
| Size: |
81920
|
|
|
1430000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240093659.0000000001430000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1430000
|
| Size: |
65536
|
|
|
3FA1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240260841.0000000003FA1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FA1000
|
| Size: |
20480
|
|
|
6CB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304505635.00000000006CB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6CB000
|
| Size: |
20480
|
|
|
EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239232449.0000000000EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EC0000
|
| Size: |
8192
|
|
|
A40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304768165.0000000000A40000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
4096
|
|
|
C2E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301486579.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C2E000
|
| Size: |
86016
|
|
|
D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613567507.0000000000D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D6E000
|
| Size: |
8192
|
|
|
C6F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302604700.0000000000C6F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C6F000
|
| Size: |
393216
|
|
|
583E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451902234.000000000583E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
583E000
|
| Size: |
8192
|
|
|
137E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451305449.000000000137E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
137E000
|
| Size: |
8192
|
|
|
1122000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1532472198.0000000001122000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1122000
|
| Size: |
4096
|
|
|
4F1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1614045211.0000000004F1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F1E000
|
| Size: |
8192
|
|
|
4B90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613842369.0000000004B90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B90000
|
| Size: |
61440
|
|
|
C21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303975077.0000000000C21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C21000
|
| Size: |
12288
|
|
|
CBE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532163857.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CBE000
|
| Size: |
4096
|
|
|
50AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1533226277.00000000050AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50AD000
|
| Size: |
12288
|
|
|
14D7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1451446708.00000000014D7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
14D7000
|
| Size: |
4096
|
|
|
C64000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301876659.0000000000C64000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C64000
|
| Size: |
45056
|
|
|
C19000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301622343.0000000000C19000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C19000
|
| Size: |
16384
|
|
|
C86000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532163857.0000000000C86000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C86000
|
| Size: |
221184
|
|
|
C80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301843636.0000000000C80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C80000
|
| Size: |
12288
|
|
|
A5A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3623463065.0000000000A5A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A5A000
|
| Size: |
12288
|
|
|
C46000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301071822.0000000000C46000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C46000
|
| Size: |
8192
|
|
|
C23000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303004927.0000000000C23000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C23000
|
| Size: |
4096
|
|
|
B60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304829967.0000000000B60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B60000
|
| Size: |
8192
|
|
|
3F71000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1533112070.0000000003F71000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F71000
|
| Size: |
8192
|
|
|
7BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304528163.00000000007BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
8192
|
|
|
30A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3621968424.000000000030A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30A000
|
| Size: |
24576
|
|
|
C1C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302862108.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C1C000
|
| Size: |
24576
|
|
|
C71000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301660525.0000000000C71000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C71000
|
| Size: |
73728
|
|
|
1020000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239538370.0000000001020000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1020000
|
| Size: |
212992
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
8BB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532025269.00000000008BB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8BB000
|
| Size: |
20480
|
|
|
4AF0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3627743577.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AF0000
|
| Size: |
12288
|
|
|
51FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303491384.00000000051FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51FC000
|
| Size: |
73728
|
|
|
E10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305430398.0000000000E10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E10000
|
| Size: |
4096
|
|
|
13B2000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1451328826.00000000013B2000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13B2000
|
| Size: |
4096
|
|
|
4970000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1304432342.0000000004970000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4970000
|
| Size: |
4096
|
|
|
A7C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3624997689.0000000000A7C000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A7C000
|
| Size: |
4096
|
|
|
34F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451732548.00000000034F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34F1000
|
| Size: |
8192
|
|
|
CC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1304142707.0000000000CC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CC4000
|
| Size: |
4096
|
|
|
CC7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302690678.0000000000CC7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CC7000
|
| Size: |
16384
|
|
|
C23000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302862108.0000000000C23000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C23000
|
| Size: |
4096
|
|
|
39D4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613746232.00000000039D4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39D4000
|
| Size: |
8192
|
|
|
C2C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301895889.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C2C000
|
| Size: |
217088
|
|
|
A8B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.3625077876.0000000000A8B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A8B000
|
| Size: |
4096
|
|
|
3E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3622235779.00000000003E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3E0000
|
| Size: |
16384
|
|
|
3140000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305507999.0000000003140000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3140000
|
| Size: |
16384
|
|
|
C21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302077022.0000000000C21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C21000
|
| Size: |
4096
|
|
|
1006000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239538370.0000000001006000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1006000
|
| Size: |
73728
|
|
|
37DC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3626888108.00000000037DC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37DC000
|
| Size: |
4096
|
|
|
4AED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3627698469.0000000004AED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4AED000
|
| Size: |
12288
|
|
|
D02000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1613493005.0000000000D02000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
D02000
|
| Size: |
4096
|
|
|
906000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3622936299.0000000000906000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
906000
|
| Size: |
4096
|
|
|
C46000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301263234.0000000000C46000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C46000
|
| Size: |
8192
|
|
|
4930000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1305558270.0000000004930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4930000
|
| Size: |
4096
|
|
|
506F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1533198826.000000000506F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
506F000
|
| Size: |
4096
|
|
|
FEE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239538370.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FEE000
|
| Size: |
94208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
563E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240538346.000000000563E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
563E000
|
| Size: |
8192
|
|
|
DD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239116099.0000000000DD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DD0000
|
| Size: |
8192
|
|
|
C63000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301965078.0000000000C63000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C63000
|
| Size: |
4096
|
|
|
C3F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302493083.0000000000C3F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C3F000
|
| Size: |
589824
|
|
|
C24000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302765980.0000000000C24000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C24000
|
| Size: |
110592
|
|
|
4DDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1614006772.0000000004DDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DDE000
|
| Size: |
8192
|
|
|
17EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451572442.00000000017EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17EF000
|
| Size: |
4096
|
|
|
2C0D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625497704.0000000002C0D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C0D000
|
| Size: |
45056
|
|
|
CEC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1613474423.0000000000CEC000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CEC000
|
| Size: |
4096
|
|
|
97B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1612914499.000000000097B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
97B000
|
| Size: |
4096
|
|
|
C58000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532163857.0000000000C58000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C58000
|
| Size: |
73728
|
|
|
7C4000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304528163.00000000007C4000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C4000
|
| Size: |
16384
|
|
|
491F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3627617205.000000000491F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
491F000
|
| Size: |
4096
|
|
|
51F2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302565173.00000000051F2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51F2000
|
| Size: |
20480
|
|
|
2C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532991119.0000000002C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C2E000
|
| Size: |
8192
|
|
|
BB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304933853.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BB0000
|
| Size: |
4096
|
|
|
F12000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1239420585.0000000000F12000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F12000
|
| Size: |
4096
|
|
|
1890000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451637442.0000000001890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1890000
|
| Size: |
4096
|
|
|
A35000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1304636036.0000000000A35000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A35000
|
| Size: |
12288
|
|
|
44F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451772371.00000000044F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44F4000
|
| Size: |
8192
|
|
|
CCA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303880496.0000000000CCA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CCA000
|
| Size: |
20480
|
|
|
F2B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1239480154.0000000000F2B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F2B000
|
| Size: |
4096
|
|
|
2C1A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625497704.0000000002C1A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C1A000
|
| Size: |
4096
|
|
|
539E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1533416063.000000000539E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
539E000
|
| Size: |
8192
|
|
|
12F6000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451276581.00000000012F6000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12F6000
|
| Size: |
40960
|
|
|
59FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240993659.00000000059FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59FB000
|
| Size: |
20480
|
|
|
58BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1240945621.00000000058BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
58BE000
|
| Size: |
8192
|
|
|
C7B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303784498.0000000000C7B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C7B000
|
| Size: |
303104
|
|
|
6F6000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3622389970.00000000006F6000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F6000
|
| Size: |
40960
|
|
|
51FD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303743358.00000000051FD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51FD000
|
| Size: |
36864
|
|
|
4BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613890601.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4BB0000
|
| Size: |
4096
|
|
|
FE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239538370.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FE0000
|
| Size: |
36864
|
|
|
944000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1612914499.0000000000944000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
944000
|
| Size: |
221184
|
|
|
11DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239729245.00000000011DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11DE000
|
| Size: |
8192
|
|
|
182E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451585185.000000000182E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
182E000
|
| Size: |
8192
|
|
|
A70000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613169399.0000000000A70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A70000
|
| Size: |
12288
|
|
|
5AFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1241410454.0000000005AFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5AFC000
|
| Size: |
16384
|
|
|
1152000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1532575935.0000000001152000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1152000
|
| Size: |
4096
|
|
|
573D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1451865197.000000000573D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
573D000
|
| Size: |
12288
|
|
|
CCB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302650684.0000000000CCB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CCB000
|
| Size: |
16384
|
|
|
C19000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1302814623.0000000000C19000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C19000
|
| Size: |
45056
|
|
|
4E80000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3628283799.0000000004E80000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
4E80000
|
| Size: |
4096
|
|
|
C7C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1304283908.0000000000C7C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C7C000
|
| Size: |
12288
|
|
|
CC5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303766556.0000000000CC5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CC5000
|
| Size: |
40960
|
|
|
549F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1533442067.000000000549F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
549F000
|
| Size: |
4096
|
|
|
2AC7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.3625497704.0000000002AC7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AC7000
|
| Size: |
196608
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
101E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1532434993.000000000101E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
101E000
|
| Size: |
8192
|
|
|
CBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1613224579.0000000000CBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CBE000
|
| Size: |
8192
|
|
|
3F74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1533112070.0000000003F74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F74000
|
| Size: |
8192
|
|
|
529E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1533390670.000000000529E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
529E000
|
| Size: |
8192
|
|
|
C6F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1303608154.0000000000C6F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C6F000
|
| Size: |
393216
|
|
|
FEA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1239538370.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FEA000
|
| Size: |
8192
|
|
|
C75000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301333595.0000000000C75000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C75000
|
| Size: |
12288
|
|
