|
42B3000
|
trusted library allocation
|
page read and write
|
 |
|
|
| Name: |
00000003.00000002.1343263156.00000000042B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
42B3000
|
| Size: |
270336
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
42F6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1343263156.00000000042F6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
42F6000
|
| Size: |
303104
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4D26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1431597299.0000000004D26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D26000
|
| Size: |
651264
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4341000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1343263156.0000000004341000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4341000
|
| Size: |
303104
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2EC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002EC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC6000
|
| Size: |
512000
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4CE3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1431597299.0000000004CE3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CE3000
|
| Size: |
270336
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2BD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002BD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BD6000
|
| Size: |
413696
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1458790385.0000000000402000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
402000
|
| Size: |
192512
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
153E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421063941.000000000153E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
153E000
|
| Size: |
8192
|
|
|
5A60000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1433829978.0000000005A60000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5A60000
|
| Size: |
4096
|
|
|
2ABE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339483820.0000000002ABE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ABE000
|
| Size: |
28672
|
|
|
7025000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1355283884.0000000007025000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7025000
|
| Size: |
495616
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
56B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477161703.00000000056B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56B1000
|
| Size: |
16384
|
|
|
6295000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559513601.0000000006295000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6295000
|
| Size: |
8192
|
|
|
2E3E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002E3E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E3E000
|
| Size: |
454656
|
|
|
10CA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1463956659.00000000010CA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
10CA000
|
| Size: |
20480
|
|
|
1590000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421450702.0000000001590000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1590000
|
| Size: |
28672
|
|
|
2F44000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002F44000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F44000
|
| Size: |
8192
|
|
|
DF7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1339037488.0000000000DF7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DF7000
|
| Size: |
4096
|
|
|
32B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424440457.00000000032B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32B4000
|
| Size: |
4096
|
|
|
6A4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481296477.0000000006A4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6A4E000
|
| Size: |
8192
|
|
|
6060000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1558332498.0000000006060000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6060000
|
| Size: |
65536
|
|
|
6BDF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481596772.0000000006BDF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BDF000
|
| Size: |
4096
|
|
|
3E41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E41000
|
| Size: |
16384
|
|
|
6070000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1558474726.0000000006070000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6070000
|
| Size: |
65536
|
|
|
3DEE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003DEE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DEE000
|
| Size: |
8192
|
|
|
62DE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560068641.00000000062DE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62DE000
|
| Size: |
12288
|
|
|
6730000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434627035.0000000006730000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6730000
|
| Size: |
4096
|
|
|
6125000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1558948155.0000000006125000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6125000
|
| Size: |
32768
|
|
|
B8E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337394245.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B8E000
|
| Size: |
98304
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
58F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1433116291.00000000058F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58F0000
|
| Size: |
4096
|
|
|
517E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1352461961.000000000517E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
517E000
|
| Size: |
8192
|
|
|
D60000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1461364062.0000000000D60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D60000
|
| Size: |
16384
|
|
|
3000000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1394365872.0000000003000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3000000
|
| Size: |
16384
|
|
|
7390000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1565940466.0000000007390000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7390000
|
| Size: |
4096
|
|
|
4F60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1349743523.0000000004F60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F60000
|
| Size: |
4096
|
|
|
52A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1553864388.00000000052A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52A2000
|
| Size: |
49152
|
|
|
187A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1423440525.000000000187A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
187A000
|
| Size: |
4096
|
|
|
11E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421002356.00000000011E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
4096
|
|
|
57E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1556916207.00000000057E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57E0000
|
| Size: |
65536
|
|
|
7C09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1435302822.0000000007C09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C09000
|
| Size: |
28672
|
|
|
4F00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1349528686.0000000004F00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F00000
|
| Size: |
65536
|
|
|
512E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1352395416.000000000512E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
512E000
|
| Size: |
8192
|
|
|
3E17000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E17000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E17000
|
| Size: |
4096
|
|
|
63D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481253666.00000000063D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
63D5000
|
| Size: |
8192
|
|
|
617C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1479505047.000000000617C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
617C000
|
| Size: |
16384
|
|
|
5E90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1478583049.0000000005E90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5E90000
|
| Size: |
65536
|
|
|
5340000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476881722.0000000005340000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5340000
|
| Size: |
65536
|
|
|
7020000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1563242107.0000000007020000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7020000
|
| Size: |
278528
|
|
|
62B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559741019.00000000062B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62B7000
|
| Size: |
12288
|
|
|
6DEF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1562302781.0000000006DEF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6DEF000
|
| Size: |
61440
|
|
|
54C6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555536838.00000000054C6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
54C6000
|
| Size: |
40960
|
|
|
3E0A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E0A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E0A000
|
| Size: |
8192
|
|
|
1A27000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424282516.0000000001A27000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A27000
|
| Size: |
32768
|
|
|
2FF9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002FF9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FF9000
|
| Size: |
8192
|
|
|
1277000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464758577.0000000001277000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1277000
|
| Size: |
8192
|
|
|
AB0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1359743557.000000000AB0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AB0E000
|
| Size: |
8192
|
|
|
4EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1348936875.0000000004EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4EE0000
|
| Size: |
65536
|
|
|
E10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339146295.0000000000E10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E10000
|
| Size: |
16384
|
|
|
DD2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1338692362.0000000000DD2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DD2000
|
| Size: |
4096
|
|
|
6FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1563022609.0000000006FD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FD0000
|
| Size: |
4096
|
|
|
6DC2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1562025864.0000000006DC2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6DC2000
|
| Size: |
53248
|
|
|
785E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1570467653.000000000785E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
785E000
|
| Size: |
8192
|
|
|
6369000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480621451.0000000006369000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6369000
|
| Size: |
8192
|
|
|
663A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1561167504.000000000663A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
663A000
|
| Size: |
8192
|
|
|
7A10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1358250148.0000000007A10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7A10000
|
| Size: |
12288
|
|
|
635C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480495890.000000000635C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
635C000
|
| Size: |
12288
|
|
|
4EB6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1347855588.0000000004EB6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4EB6000
|
| Size: |
16384
|
|
|
5869000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1557335583.0000000005869000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5869000
|
| Size: |
28672
|
|
|
51EA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476572563.00000000051EA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
51EA000
|
| Size: |
24576
|
|
|
5D64000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1354343240.0000000005D64000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D64000
|
| Size: |
4096
|
|
|
56EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477570813.00000000056EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56EE000
|
| Size: |
8192
|
|
|
3435000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424614712.0000000003435000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3435000
|
| Size: |
733184
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7AC0000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1358440464.0000000007AC0000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7AC0000
|
| Size: |
589824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
13B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541634796.00000000013B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13B2000
|
| Size: |
4096
|
|
|
11A8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464439274.00000000011A8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
11A8000
|
| Size: |
4096
|
|
|
330E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.000000000330E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
330E000
|
| Size: |
4096
|
|
|
5CC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434135172.0000000005CC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5CC0000
|
| Size: |
65536
|
|
|
7C8D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1435423505.0000000007C8D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C8D000
|
| Size: |
12288
|
|
|
1598000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421450702.0000000001598000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1598000
|
| Size: |
16384
|
|
|
54D0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1555654286.00000000054D0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
54D0000
|
| Size: |
4096
|
|
|
3CC5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003CC5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CC5000
|
| Size: |
733184
|
|
|
437000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1458790385.0000000000437000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
437000
|
| Size: |
57344
|
|
|
6BA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481558279.0000000006BA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BA0000
|
| Size: |
4096
|
|
|
5274000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1553864388.0000000005274000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5274000
|
| Size: |
16384
|
|
|
2990000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339432053.0000000002990000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2990000
|
| Size: |
65536
|
|
|
C03000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337394245.0000000000C03000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C03000
|
| Size: |
94208
|
|
|
5670000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1556425573.0000000005670000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5670000
|
| Size: |
8192
|
|
|
4EC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1347855588.0000000004EC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC2000
|
| Size: |
49152
|
|
|
58F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1433116291.00000000058F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58F5000
|
| Size: |
45056
|
|
|
1183000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1541362890.0000000001183000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1183000
|
| Size: |
4096
|
|
|
51B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476394720.00000000051B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51B0000
|
| Size: |
4096
|
|
|
7150000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1564311009.0000000007150000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7150000
|
| Size: |
65536
|
|
|
6BE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1482059301.0000000006BE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BE0000
|
| Size: |
4096
|
|
|
5330000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476822800.0000000005330000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5330000
|
| Size: |
36864
|
|
|
10BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1463837297.00000000010BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10BE000
|
| Size: |
8192
|
|
|
2E20000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1542578444.0000000002E20000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2E20000
|
| Size: |
4096
|
|
|
545E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555340313.000000000545E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
545E000
|
| Size: |
8192
|
|
|
2F59000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002F59000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F59000
|
| Size: |
4096
|
|
|
101F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339245080.000000000101F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
101F000
|
| Size: |
4096
|
|
|
5780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1556490186.0000000005780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5780000
|
| Size: |
65536
|
|
|
52DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476729224.00000000052DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
52DE000
|
| Size: |
8192
|
|
|
662F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434570051.000000000662F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
662F000
|
| Size: |
4096
|
|
|
5330000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555009297.0000000005330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5330000
|
| Size: |
4096
|
|
|
56CE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477161703.00000000056CE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56CE000
|
| Size: |
8192
|
|
|
6312000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480088867.0000000006312000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6312000
|
| Size: |
77824
|
|
|
76FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1566203985.00000000076FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
76FB000
|
| Size: |
20480
|
|
|
7860000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1570525227.0000000007860000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7860000
|
| Size: |
12288
|
|
|
29E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1394145791.00000000029E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29E0000
|
| Size: |
24576
|
|
|
6E30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1354560098.0000000006E30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E30000
|
| Size: |
53248
|
|
|
6B7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481401873.0000000006B7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B7E000
|
| Size: |
8192
|
|
|
5475000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1353828199.0000000005475000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5475000
|
| Size: |
40960
|
|
|
10D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464001130.00000000010D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10D0000
|
| Size: |
4096
|
|
|
A92E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1436340022.000000000A92E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A92E000
|
| Size: |
8192
|
|
|
2FCD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002FCD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FCD000
|
| Size: |
32768
|
|
|
438C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1343263156.000000000438C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
438C000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
6619000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1561167504.0000000006619000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6619000
|
| Size: |
8192
|
|
|
281E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339299710.000000000281E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
281E000
|
| Size: |
8192
|
|
|
720F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1356588624.000000000720F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
720F000
|
| Size: |
4096
|
|
|
7F190000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1436655445.000000007F190000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7F190000
|
| Size: |
4096
|
|
|
2D78000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542444212.0000000002D78000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D78000
|
| Size: |
8192
|
|
|
5AAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1433859582.0000000005AAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5AAE000
|
| Size: |
8192
|
|
|
62CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1479663244.00000000062CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
62CC000
|
| Size: |
16384
|
|
|
6D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1483606146.0000000006D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D5E000
|
| Size: |
8192
|
|
|
6350000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480413720.0000000006350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6350000
|
| Size: |
8192
|
|
|
7D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1488657878.0000000007D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D5E000
|
| Size: |
8192
|
|
|
62E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560105223.00000000062E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62E4000
|
| Size: |
16384
|
|
|
310E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.000000000310E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
310E000
|
| Size: |
8192
|
|
|
15C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421450702.00000000015C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C5000
|
| Size: |
12288
|
|
|
11CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1420961063.00000000011CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11CD000
|
| Size: |
12288
|
|
|
7800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1570271623.0000000007800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7800000
|
| Size: |
65536
|
|
|
34F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424614712.00000000034F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34F0000
|
| Size: |
835584
|
|
|
5130000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1352425937.0000000005130000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5130000
|
| Size: |
8192
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1458790385.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
300D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.000000000300D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
300D000
|
| Size: |
8192
|
|
|
3E51000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1550554464.0000000003E51000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E51000
|
| Size: |
737280
|
|
|
605C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1479422965.000000000605C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
605C000
|
| Size: |
16384
|
|
|
7A10000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434896936.0000000007A10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A10000
|
| Size: |
135168
|
|
|
515F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476294590.000000000515F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
515F000
|
| Size: |
4096
|
|
|
AF7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337307170.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AF7000
|
| Size: |
36864
|
|
|
63C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481204198.00000000063C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
63C6000
|
| Size: |
12288
|
|
|
3315000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000003315000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3315000
|
| Size: |
4096
|
|
|
29A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339463318.00000000029A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A0000
|
| Size: |
4096
|
|
|
6BB9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481596772.0000000006BB9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BB9000
|
| Size: |
8192
|
|
|
13E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541881153.00000000013E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13E0000
|
| Size: |
4096
|
|
|
6FA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1483946892.0000000006FA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FA5000
|
| Size: |
98304
|
|
|
29B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1394104282.00000000029B0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29B0000
|
| Size: |
4096
|
|
|
6628000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1561167504.0000000006628000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6628000
|
| Size: |
4096
|
|
|
56AB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477161703.00000000056AB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56AB000
|
| Size: |
20480
|
|
|
5820000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1432613421.0000000005820000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5820000
|
| Size: |
12288
|
|
|
54C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555536838.00000000054C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
54C1000
|
| Size: |
16384
|
|
|
5026000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1475798992.0000000005026000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5026000
|
| Size: |
16384
|
|
|
7220000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1356937930.0000000007220000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7220000
|
| Size: |
4096
|
|
|
6F82000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1483760908.0000000006F82000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6F82000
|
| Size: |
24576
|
|
|
166A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421450702.000000000166A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
166A000
|
| Size: |
151552
|
|
|
662F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1561167504.000000000662F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
662F000
|
| Size: |
8192
|
|
|
DC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1338530560.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DC0000
|
| Size: |
8192
|
|
|
555F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477069817.000000000555F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
555F000
|
| Size: |
4096
|
|
|
2F9F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002F9F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F9F000
|
| Size: |
126976
|
|
|
3DE9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003DE9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DE9000
|
| Size: |
8192
|
|
|
2E70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1313144554.0000000002E70000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E70000
|
| Size: |
4096
|
|
|
6BF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1482473599.0000000006BF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BF0000
|
| Size: |
4096
|
|
|
765E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1566059815.000000000765E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
765E000
|
| Size: |
8192
|
|
|
76A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1566136905.00000000076A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
76A0000
|
| Size: |
32768
|
|
|
7170000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1565442578.0000000007170000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7170000
|
| Size: |
65536
|
|
|
5FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1479150698.0000000005FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5FF0000
|
| Size: |
65536
|
|
|
4F80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1350157509.0000000004F80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
65536
|
|
|
EBE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1462212057.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EBE000
|
| Size: |
200704
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2FCF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1313191691.0000000002FCF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2FCF000
|
| Size: |
4096
|
|
|
BB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1539598902.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BB0000
|
| Size: |
12288
|
|
|
2FBF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002FBF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FBF000
|
| Size: |
4096
|
|
|
3287000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000003287000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3287000
|
| Size: |
311296
|
|
|
DAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1461943928.0000000000DAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DAE000
|
| Size: |
8192
|
|
|
56F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477690509.00000000056F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56F0000
|
| Size: |
65536
|
|
|
7EE30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1579191564.000000007EE30000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7EE30000
|
| Size: |
4096
|
|
|
6361000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480542932.0000000006361000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6361000
|
| Size: |
16384
|
|
|
6390000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480925390.0000000006390000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6390000
|
| Size: |
12288
|
|
|
2CD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CD0000
|
| Size: |
28672
|
|
|
6635000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1561167504.0000000006635000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6635000
|
| Size: |
4096
|
|
|
6C70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1483205973.0000000006C70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6C70000
|
| Size: |
65536
|
|
|
59B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1433329844.00000000059B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
59B0000
|
| Size: |
65536
|
|
|
5B2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1433951005.0000000005B2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5B2E000
|
| Size: |
8192
|
|
|
2AC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339483820.0000000002AC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AC6000
|
| Size: |
811008
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
AC4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1436463115.000000000AC4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AC4E000
|
| Size: |
8192
|
|
|
A680000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1436276171.000000000A680000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A680000
|
| Size: |
12288
|
|
|
6D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1483561644.0000000006D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D1E000
|
| Size: |
8192
|
|
|
7AF0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1487477149.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7AF0000
|
| Size: |
12288
|
|
|
632A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480219630.000000000632A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
632A000
|
| Size: |
8192
|
|
|
6274000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559091311.0000000006274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6274000
|
| Size: |
20480
|
|
|
527B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1553864388.000000000527B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
527B000
|
| Size: |
61440
|
|
|
2EB4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EB4000
|
| Size: |
4096
|
|
|
2CE8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002CE8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CE8000
|
| Size: |
1396736
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
|
4EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1349027758.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4EF0000
|
| Size: |
16384
|
|
|
290D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1394043699.000000000290D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
290D000
|
| Size: |
12288
|
|
|
AB0C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1436399671.000000000AB0C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AB0C000
|
| Size: |
16384
|
|
|
56D1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477161703.00000000056D1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56D1000
|
| Size: |
32768
|
|
|
2F84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002F84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F84000
|
| Size: |
290816
|
|
|
5190000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.1352905314.0000000005190000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
5190000
|
| Size: |
65536
|
|
|
5E30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1478363509.0000000005E30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E30000
|
| Size: |
65536
|
|
|
10D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464027396.00000000010D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10D2000
|
| Size: |
4096
|
|
|
6B4D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481355016.0000000006B4D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B4D000
|
| Size: |
12288
|
|
|
7910000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1358227479.0000000007910000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7910000
|
| Size: |
4096
|
|
|
2EB6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002EB6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EB6000
|
| Size: |
811008
|
|
|
540A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555202883.000000000540A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
540A000
|
| Size: |
24576
|
|
|
5D40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1354343240.0000000005D40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D40000
|
| Size: |
40960
|
|
|
2F52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002F52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F52000
|
| Size: |
12288
|
|
|
738F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1565906653.000000000738F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
738F000
|
| Size: |
4096
|
|
|
2CDB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002CDB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CDB000
|
| Size: |
49152
|
|
|
3018000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000003018000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3018000
|
| Size: |
8192
|
|
|
2F7C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002F7C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F7C000
|
| Size: |
4096
|
|
|
54B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555434936.00000000054B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
54B0000
|
| Size: |
65536
|
|
|
7230000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1357102388.0000000007230000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7230000
|
| Size: |
65536
|
|
|
4C9F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1431597299.0000000004C9F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C9F000
|
| Size: |
192512
|
|
|
5430000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1353579165.0000000005430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5430000
|
| Size: |
4096
|
|
|
8B76000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1493213619.0000000008B76000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8B76000
|
| Size: |
12288
|
|
|
2B41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002B41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B41000
|
| Size: |
483328
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4EF5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1349027758.0000000004EF5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4EF5000
|
| Size: |
45056
|
|
|
DE8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1338872110.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DE8000
|
| Size: |
28672
|
|
|
769F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1566106798.000000000769F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
769F000
|
| Size: |
4096
|
|
|
5A30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1433642239.0000000005A30000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5A30000
|
| Size: |
65536
|
|
|
6BF5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1482473599.0000000006BF5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BF5000
|
| Size: |
45056
|
|
|
C5B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337394245.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C5B000
|
| Size: |
147456
|
|
|
2D8D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1394209629.0000000002D8D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D8D000
|
| Size: |
12288
|
|
|
DD6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1338776500.0000000000DD6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DD6000
|
| Size: |
8192
|
|
|
13AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541586422.00000000013AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13AF000
|
| Size: |
4096
|
|
|
2EAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002EAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EAE000
|
| Size: |
20480
|
|
|
14AB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542160344.00000000014AB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14AB000
|
| Size: |
20480
|
|
|
5790000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1556602398.0000000005790000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5790000
|
| Size: |
65536
|
|
|
DB3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1338466974.0000000000DB3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DB3000
|
| Size: |
4096
|
|
|
3BC5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003BC5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BC5000
|
| Size: |
733184
|
|
|
62D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560006726.00000000062D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62D4000
|
| Size: |
24576
|
|
|
2D4E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1394188228.0000000002D4E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2D4E000
|
| Size: |
8192
|
|
|
2980000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1339405688.0000000002980000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2980000
|
| Size: |
65536
|
|
|
5860000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1557335583.0000000005860000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5860000
|
| Size: |
20480
|
|
|
62F9000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1479837313.00000000062F9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62F9000
|
| Size: |
94208
|
|
|
6BD5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481596772.0000000006BD5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BD5000
|
| Size: |
4096
|
|
|
3DDD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003DDD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DDD000
|
| Size: |
8192
|
|
|
6020000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1557548048.0000000006020000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6020000
|
| Size: |
65536
|
|
|
EF7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1539710160.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EF7000
|
| Size: |
36864
|
|
|
158D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1421428908.000000000158D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
158D000
|
| Size: |
4096
|
|
|
3E1A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E1A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E1A000
|
| Size: |
8192
|
|
|
58E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1433096107.00000000058E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
58E0000
|
| Size: |
4096
|
|
|
10F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464133809.00000000010F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
4096
|
|
|
4EB1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1347855588.0000000004EB1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4EB1000
|
| Size: |
16384
|
|
|
2F8E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1313168831.0000000002F8E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2F8E000
|
| Size: |
8192
|
|
|
186E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1422870674.000000000186E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
186E000
|
| Size: |
8192
|
|
|
301F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.000000000301F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
301F000
|
| Size: |
8192
|
|
|
AA0B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1436366587.000000000AA0B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AA0B000
|
| Size: |
20480
|
|
|
8CAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1573032464.0000000008CAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8CAE000
|
| Size: |
8192
|
|
|
BC1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337394245.0000000000BC1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BC1000
|
| Size: |
208896
|
|
|
6740000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434627035.0000000006740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6740000
|
| Size: |
40960
|
|
|
2FDE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002FDE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FDE000
|
| Size: |
4096
|
|
|
7210000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1356793935.0000000007210000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7210000
|
| Size: |
65536
|
|
|
1450000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542055075.0000000001450000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
65536
|
|
|
5875000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1432932427.0000000005875000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5875000
|
| Size: |
45056
|
|
|
BA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1539570090.0000000000BA0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA0000
|
| Size: |
4096
|
|
|
6E74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1562738596.0000000006E74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E74000
|
| Size: |
4096
|
|
|
5860000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1432881860.0000000005860000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5860000
|
| Size: |
65536
|
|
|
6F40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1483712670.0000000006F40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6F40000
|
| Size: |
4096
|
|
|
2FD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002FD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FD6000
|
| Size: |
28672
|
|
|
54DC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1432583889.00000000054DC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54DC000
|
| Size: |
16384
|
|
|
6100000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1558856421.0000000006100000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6100000
|
| Size: |
61440
|
|
|
4F75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1349774743.0000000004F75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F75000
|
| Size: |
45056
|
|
|
32B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424440457.00000000032B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32B0000
|
| Size: |
4096
|
|
|
6313000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560349383.0000000006313000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6313000
|
| Size: |
90112
|
|
|
657C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560759473.000000000657C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
657C000
|
| Size: |
16384
|
|
|
3B61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003B61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B61000
|
| Size: |
8192
|
|
|
6BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481596772.0000000006BB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BB0000
|
| Size: |
4096
|
|
|
3E79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E79000
|
| Size: |
8192
|
|
|
30C8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.00000000030C8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30C8000
|
| Size: |
4096
|
|
|
4B4C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1347798496.0000000004B4C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B4C000
|
| Size: |
16384
|
|
|
6040000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1558049616.0000000006040000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6040000
|
| Size: |
65536
|
|
|
5610000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555720118.0000000005610000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5610000
|
| Size: |
36864
|
|
|
32B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424440457.00000000032B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32B6000
|
| Size: |
40960
|
|
|
5CD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434199174.0000000005CD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5CD0000
|
| Size: |
65536
|
|
|
1026000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1539790945.0000000001026000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1026000
|
| Size: |
28672
|
|
|
7FD20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1359799094.000000007FD20000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FD20000
|
| Size: |
4096
|
|
|
7280000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1357781126.0000000007280000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7280000
|
| Size: |
28672
|
|
|
13C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541769425.00000000013C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13C2000
|
| Size: |
4096
|
|
|
6010000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1479326270.0000000006010000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6010000
|
| Size: |
65536
|
|
|
5E80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1478490516.0000000005E80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5E80000
|
| Size: |
65536
|
|
|
710E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1356533819.000000000710E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
710E000
|
| Size: |
8192
|
|
|
A90C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1359676098.000000000A90C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A90C000
|
| Size: |
16384
|
|
|
6F99000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1483816509.0000000006F99000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6F99000
|
| Size: |
12288
|
|
|
7A20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1358302468.0000000007A20000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7A20000
|
| Size: |
24576
|
|
|
1A10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424234790.0000000001A10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A10000
|
| Size: |
65536
|
|
|
58F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1433116291.00000000058F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58F2000
|
| Size: |
8192
|
|
|
6615000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1561167504.0000000006615000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6615000
|
| Size: |
12288
|
|
|
57F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1557013829.00000000057F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57F0000
|
| Size: |
65536
|
|
|
14C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542302853.00000000014C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C0000
|
| Size: |
20480
|
|
|
3B83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003B83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B83000
|
| Size: |
184320
|
|
|
33C8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.00000000033C8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33C8000
|
| Size: |
28672
|
|
|
90B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1574007254.00000000090B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
90B0000
|
| Size: |
4096
|
|
|
7160000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1565045725.0000000007160000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7160000
|
| Size: |
53248
|
|
|
5180000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1352659213.0000000005180000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5180000
|
| Size: |
65536
|
|
|
13BA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1541691705.00000000013BA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13BA000
|
| Size: |
20480
|
|
|
5351000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476963121.0000000005351000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5351000
|
| Size: |
61440
|
|
|
58A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1433044633.00000000058A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58A0000
|
| Size: |
65536
|
|
|
DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1462139239.0000000000DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DE0000
|
| Size: |
45056
|
|
|
5D30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1354343240.0000000005D30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D30000
|
| Size: |
4096
|
|
|
6603000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560979803.0000000006603000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6603000
|
| Size: |
8192
|
|
|
565E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477101993.000000000565E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
565E000
|
| Size: |
8192
|
|
|
432000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1458790385.0000000000432000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
432000
|
| Size: |
16384
|
|
|
6290000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559481313.0000000006290000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6290000
|
| Size: |
8192
|
|
|
6DD3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1562118344.0000000006DD3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6DD3000
|
| Size: |
77824
|
|
|
5360000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1477046631.0000000005360000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5360000
|
| Size: |
4096
|
|
|
3331000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000003331000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3331000
|
| Size: |
8192
|
|
|
4E90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1347855588.0000000004E90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E90000
|
| Size: |
12288
|
|
|
5850000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1557218319.0000000005850000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5850000
|
| Size: |
65536
|
|
|
51E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476572563.00000000051E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
51E8000
|
| Size: |
4096
|
|
|
52B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1554606527.00000000052B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
52B3000
|
| Size: |
8192
|
|
|
119D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1541500557.000000000119D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
119D000
|
| Size: |
4096
|
|
|
6612000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1561167504.0000000006612000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6612000
|
| Size: |
8192
|
|
|
3109000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000003109000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3109000
|
| Size: |
8192
|
|
|
51E5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476572563.00000000051E5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
51E5000
|
| Size: |
8192
|
|
|
E1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1462212057.0000000000E1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E1A000
|
| Size: |
40960
|
|
|
1583000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421393031.0000000001583000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1583000
|
| Size: |
12288
|
|
|
2F56000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002F56000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F56000
|
| Size: |
8192
|
|
|
3230000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1313329375.0000000003230000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3230000
|
| Size: |
16384
|
|
|
557F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1354100236.000000000557F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
557F000
|
| Size: |
4096
|
|
|
2ECE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1394284640.0000000002ECE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2ECE000
|
| Size: |
8192
|
|
|
6FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1563136611.0000000006FE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FE0000
|
| Size: |
65536
|
|
|
7BA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1435163436.0000000007BA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7BA0000
|
| Size: |
4096
|
|
|
2FD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1313218612.0000000002FD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FD0000
|
| Size: |
4096
|
|
|
7ADC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1487323263.0000000007ADC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7ADC000
|
| Size: |
16384
|
|
|
332C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.000000000332C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
332C000
|
| Size: |
8192
|
|
|
A30D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1359468615.000000000A30D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A30D000
|
| Size: |
12288
|
|
|
5650000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1556188970.0000000005650000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5650000
|
| Size: |
12288
|
|
|
2CD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002CD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CD8000
|
| Size: |
8192
|
|
|
6354000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480450867.0000000006354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6354000
|
| Size: |
16384
|
|
|
13C7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1541822437.00000000013C7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13C7000
|
| Size: |
4096
|
|
|
501E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1475798992.000000000501E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
501E000
|
| Size: |
4096
|
|
|
3E35000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E35000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E35000
|
| Size: |
4096
|
|
|
1880000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1423748786.0000000001880000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1880000
|
| Size: |
4096
|
|
|
6600000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560979803.0000000006600000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6600000
|
| Size: |
4096
|
|
|
72CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1358065955.00000000072CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
72CE000
|
| Size: |
8192
|
|
|
1887000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1423903369.0000000001887000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1887000
|
| Size: |
4096
|
|
|
F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1539764047.0000000000F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F3E000
|
| Size: |
8192
|
|
|
30E3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.00000000030E3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30E3000
|
| Size: |
8192
|
|
|
1573000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1421291904.0000000001573000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1573000
|
| Size: |
4096
|
|
|
33EB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.00000000033EB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33EB000
|
| Size: |
8192
|
|
|
751E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1565978595.000000000751E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
751E000
|
| Size: |
8192
|
|
|
3E10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E10000
|
| Size: |
8192
|
|
|
5291000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1553864388.0000000005291000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5291000
|
| Size: |
16384
|
|
|
4B7B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1475656265.0000000004B7B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B7B000
|
| Size: |
20480
|
|
|
30D6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.00000000030D6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30D6000
|
| Size: |
16384
|
|
|
5A50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1433800513.0000000005A50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A50000
|
| Size: |
4096
|
|
|
7C5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1488453949.0000000007C5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C5D000
|
| Size: |
12288
|
|
|
62F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560218047.00000000062F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62F7000
|
| Size: |
20480
|
|
|
30F7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.00000000030F7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30F7000
|
| Size: |
8192
|
|
|
6FC0000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1354755887.0000000006FC0000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
6FC0000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
6262000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559091311.0000000006262000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6262000
|
| Size: |
4096
|
|
|
32DE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.00000000032DE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32DE000
|
| Size: |
28672
|
|
|
5880000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1432999217.0000000005880000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5880000
|
| Size: |
65536
|
|
|
295B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339366697.000000000295B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
295B000
|
| Size: |
20480
|
|
|
33DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424593844.00000000033DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33DE000
|
| Size: |
8192
|
|
|
3320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000003320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3320000
|
| Size: |
4096
|
|
|
633E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560639123.000000000633E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
633E000
|
| Size: |
4096
|
|
|
62E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1479837313.00000000062E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62E2000
|
| Size: |
16384
|
|
|
7870000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1570568151.0000000007870000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7870000
|
| Size: |
8192
|
|
|
7460000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1485355744.0000000007460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7460000
|
| Size: |
4096
|
|
|
F40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1539790945.0000000000F40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
28672
|
|
|
D20000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1460994358.0000000000D20000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D20000
|
| Size: |
4096
|
|
|
3E26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E26000
|
| Size: |
4096
|
|
|
3327000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000003327000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3327000
|
| Size: |
8192
|
|
|
6DB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1561906242.0000000006DB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6DB0000
|
| Size: |
24576
|
|
|
2B30000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1465292464.0000000002B30000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2B30000
|
| Size: |
4096
|
|
|
32C0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1424524032.00000000032C0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
32C0000
|
| Size: |
4096
|
|
|
2FEC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FEC000
|
| Size: |
16384
|
|
|
1170000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541290624.0000000001170000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1170000
|
| Size: |
8192
|
|
|
3E4E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E4E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E4E000
|
| Size: |
8192
|
|
|
14CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542391909.00000000014CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14CE000
|
| Size: |
4096
|
|
|
7C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1358760751.0000000007C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C4E000
|
| Size: |
8192
|
|
|
5852000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1432613421.0000000005852000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5852000
|
| Size: |
49152
|
|
|
8DEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1573884785.0000000008DEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8DEE000
|
| Size: |
8192
|
|
|
A34D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1359493872.000000000A34D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A34D000
|
| Size: |
12288
|
|
|
2F7D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002F7D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F7D000
|
| Size: |
20480
|
|
|
3E2E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E2E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E2E000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
31D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424347593.00000000031D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31D8000
|
| Size: |
4096
|
|
|
3034000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000003034000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3034000
|
| Size: |
16384
|
|
|
384E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424614712.000000000384E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
384E000
|
| Size: |
270336
|
|
|
1695000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1422790636.0000000001695000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1695000
|
| Size: |
16384
|
|
|
7F4C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1493927245.000000007F4C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7F4C0000
|
| Size: |
4096
|
|
|
32AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424411141.00000000032AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32AC000
|
| Size: |
16384
|
|
|
6B78000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481401873.0000000006B78000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B78000
|
| Size: |
4096
|
|
|
5000000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1475798992.0000000005000000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5000000
|
| Size: |
12288
|
|
|
6CD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1483431743.0000000006CD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6CD0000
|
| Size: |
12288
|
|
|
1170000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464348293.0000000001170000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1170000
|
| Size: |
4096
|
|
|
5320000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476789622.0000000005320000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5320000
|
| Size: |
8192
|
|
|
BB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337394245.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BB4000
|
| Size: |
12288
|
|
|
DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1462016928.0000000000DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DD0000
|
| Size: |
12288
|
|
|
627A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559362874.000000000627A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
627A000
|
| Size: |
69632
|
|
|
1440000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542023993.0000000001440000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1440000
|
| Size: |
12288
|
|
|
6E13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1562501747.0000000006E13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E13000
|
| Size: |
16384
|
|
|
5270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1553864388.0000000005270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5270000
|
| Size: |
12288
|
|
|
2E50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1313102518.0000000002E50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E50000
|
| Size: |
20480
|
|
|
6303000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560266962.0000000006303000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6303000
|
| Size: |
12288
|
|
|
2CA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002CA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CA4000
|
| Size: |
176128
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1180000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1420928777.0000000001180000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1180000
|
| Size: |
8192
|
|
|
DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1338872110.0000000000DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DE0000
|
| Size: |
24576
|
|
|
5E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1478095739.0000000005E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E00000
|
| Size: |
65536
|
|
|
6FD5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1563022609.0000000006FD5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FD5000
|
| Size: |
45056
|
|
|
79A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434772601.00000000079A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
79A0000
|
| Size: |
73728
|
|
|
5050000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476237647.0000000005050000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5050000
|
| Size: |
4096
|
|
|
2FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FE0000
|
| Size: |
4096
|
|
|
11A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541527900.00000000011A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11A0000
|
| Size: |
16384
|
|
|
DED000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1462188102.0000000000DED000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DED000
|
| Size: |
4096
|
|
|
32E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.00000000032E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32E6000
|
| Size: |
8192
|
|
|
7289000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1357781126.0000000007289000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7289000
|
| Size: |
28672
|
|
|
5170000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476321925.0000000005170000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5170000
|
| Size: |
61440
|
|
|
61CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1479557396.00000000061CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
61CE000
|
| Size: |
8192
|
|
|
62E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1479801649.00000000062E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62E0000
|
| Size: |
4096
|
|
|
447F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1431597299.000000000447F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
447F000
|
| Size: |
4096
|
|
|
2D98000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1394233280.0000000002D98000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D98000
|
| Size: |
110592
|
|
|
DF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1462212057.0000000000DF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DF0000
|
| Size: |
28672
|
|
|
DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1338408507.0000000000DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DA0000
|
| Size: |
8192
|
|
|
C1D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337394245.0000000000C1D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C1D000
|
| Size: |
126976
|
|
|
116E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464309884.000000000116E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
116E000
|
| Size: |
8192
|
|
|
BD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1539634019.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BD5000
|
| Size: |
16384
|
|
|
A670000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1436243892.000000000A670000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A670000
|
| Size: |
20480
|
|
|
4148000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1550554464.0000000004148000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4148000
|
| Size: |
184320
|
|
|
6DE7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1562265954.0000000006DE7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6DE7000
|
| Size: |
8192
|
|
|
4FFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1475767872.0000000004FFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FFE000
|
| Size: |
8192
|
|
|
5021000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1475798992.0000000005021000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5021000
|
| Size: |
16384
|
|
|
13B6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1541660883.00000000013B6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13B6000
|
| Size: |
12288
|
|
|
6BB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481596772.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BB2000
|
| Size: |
8192
|
|
|
18A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1423958249.00000000018A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18A0000
|
| Size: |
4096
|
|
|
33DE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.00000000033DE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33DE000
|
| Size: |
16384
|
|
|
DCD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1338577093.0000000000DCD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DCD000
|
| Size: |
4096
|
|
|
33D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.00000000033D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33D0000
|
| Size: |
12288
|
|
|
1170000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1420687830.0000000001170000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1170000
|
| Size: |
4096
|
|
|
18B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1424081517.00000000018B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
18B0000
|
| Size: |
65536
|
|
|
127A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464758577.000000000127A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
127A000
|
| Size: |
12288
|
|
|
4F20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1349658337.0000000004F20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F20000
|
| Size: |
65536
|
|
|
6346000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480347864.0000000006346000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6346000
|
| Size: |
24576
|
|
|
62AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559686197.00000000062AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62AF000
|
| Size: |
12288
|
|
|
33BF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.00000000033BF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33BF000
|
| Size: |
32768
|
|
|
43E9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1431597299.00000000043E9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43E9000
|
| Size: |
4096
|
|
|
3040000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000003040000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3040000
|
| Size: |
180224
|
|
|
561B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555720118.000000000561B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
561B000
|
| Size: |
20480
|
|
|
7A40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434896936.0000000007A40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A40000
|
| Size: |
4096
|
|
|
2F47000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002F47000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F47000
|
| Size: |
8192
|
|
|
33E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424614712.00000000033E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33E1000
|
| Size: |
335872
|
|
|
7D8D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1435454407.0000000007D8D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D8D000
|
| Size: |
12288
|
|
|
5EA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1478676685.0000000005EA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5EA0000
|
| Size: |
65536
|
|
|
157D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1421342979.000000000157D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
157D000
|
| Size: |
4096
|
|
|
6606000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560979803.0000000006606000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6606000
|
| Size: |
28672
|
|
|
3024000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000003024000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
8192
|
|
|
714D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1564213606.000000000714D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
714D000
|
| Size: |
12288
|
|
|
663F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1561167504.000000000663F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
663F000
|
| Size: |
4096
|
|
|
AA0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1359714930.000000000AA0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AA0E000
|
| Size: |
8192
|
|
|
3DCB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003DCB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DCB000
|
| Size: |
8192
|
|
|
6BDA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481596772.0000000006BDA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BDA000
|
| Size: |
8192
|
|
|
502D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1475798992.000000000502D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
502D000
|
| Size: |
16384
|
|
|
5CE3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434263595.0000000005CE3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5CE3000
|
| Size: |
20480
|
|
|
10D5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1464058989.00000000010D5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
10D5000
|
| Size: |
4096
|
|
|
6E1B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1562549439.0000000006E1B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E1B000
|
| Size: |
8192
|
|
|
6CBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1483296027.0000000006CBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6CBE000
|
| Size: |
8192
|
|
|
5340000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555038852.0000000005340000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5340000
|
| Size: |
4096
|
|
|
2D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542416462.0000000002D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D6E000
|
| Size: |
8192
|
|
|
90C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1578400697.00000000090C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
90C6000
|
| Size: |
12288
|
|
|
BA7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337394245.0000000000BA7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA7000
|
| Size: |
49152
|
|
|
2BBD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1313005503.0000000002BBD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BBD000
|
| Size: |
12288
|
|
|
1460000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542139040.0000000001460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1460000
|
| Size: |
4096
|
|
|
291E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339344630.000000000291E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
291E000
|
| Size: |
8192
|
|
|
62EE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560160767.00000000062EE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62EE000
|
| Size: |
24576
|
|
|
2B25000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465208474.0000000002B25000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B25000
|
| Size: |
45056
|
|
|
62C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559913042.00000000062C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62C9000
|
| Size: |
24576
|
|
|
F79000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1539790945.0000000000F79000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F79000
|
| Size: |
593920
|
|
|
51C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476428822.00000000051C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
51C0000
|
| Size: |
4096
|
|
|
5004000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1475798992.0000000005004000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5004000
|
| Size: |
16384
|
|
|
34E9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424614712.00000000034E9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34E9000
|
| Size: |
24576
|
|
|
333C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.000000000333C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
333C000
|
| Size: |
16384
|
|
|
7810000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1570412076.0000000007810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7810000
|
| Size: |
4096
|
|
|
51C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476428822.00000000051C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
51C2000
|
| Size: |
12288
|
|
|
7A8D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1358409381.0000000007A8D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7A8D000
|
| Size: |
12288
|
|
|
2F4A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002F4A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F4A000
|
| Size: |
16384
|
|
|
6EB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1562768917.0000000006EB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6EB4000
|
| Size: |
4096
|
|
|
10C6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1463923284.00000000010C6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
10C6000
|
| Size: |
12288
|
|
|
D30000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1461245114.0000000000D30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D30000
|
| Size: |
8192
|
|
|
6BB5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481596772.0000000006BB5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BB5000
|
| Size: |
12288
|
|
|
3376000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000003376000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3376000
|
| Size: |
290816
|
|
|
3029000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000003029000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3029000
|
| Size: |
8192
|
|
|
789000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337177307.0000000000789000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
789000
|
| Size: |
28672
|
|
|
3B4F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003B4F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B4F000
|
| Size: |
20480
|
|
|
39B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1343263156.00000000039B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39B9000
|
| Size: |
618496
|
|
|
7C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1435394875.0000000007C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C4E000
|
| Size: |
8192
|
|
|
2FC5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002FC5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FC5000
|
| Size: |
4096
|
|
|
1570000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421263773.0000000001570000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1570000
|
| Size: |
8192
|
|
|
740E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1484138235.000000000740E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
740E000
|
| Size: |
8192
|
|
|
10C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1463870527.00000000010C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C0000
|
| Size: |
4096
|
|
|
DD3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1462052617.0000000000DD3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DD3000
|
| Size: |
4096
|
|
|
1150000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541255425.0000000001150000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1150000
|
| Size: |
4096
|
|
|
49B8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1347678315.00000000049B8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49B8000
|
| Size: |
4096
|
|
|
6D60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1483648262.0000000006D60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D60000
|
| Size: |
40960
|
|
|
6FB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1562798063.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6FB0000
|
| Size: |
65536
|
|
|
6394000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480967724.0000000006394000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6394000
|
| Size: |
65536
|
|
|
30CA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.00000000030CA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30CA000
|
| Size: |
4096
|
|
|
1190000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541452090.0000000001190000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1190000
|
| Size: |
24576
|
|
|
312E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1313291454.000000000312E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
312E000
|
| Size: |
8192
|
|
|
565B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1556188970.000000000565B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
565B000
|
| Size: |
8192
|
|
|
52C5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1554701147.00000000052C5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52C5000
|
| Size: |
45056
|
|
|
159E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421450702.000000000159E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
159E000
|
| Size: |
155648
|
|
|
407B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1550554464.000000000407B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
407B000
|
| Size: |
712704
|
|
|
29B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339483820.00000000029B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29B1000
|
| Size: |
335872
|
|
|
1250000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464562759.0000000001250000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1250000
|
| Size: |
4096
|
|
|
2F4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1394343138.0000000002F4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F4F000
|
| Size: |
4096
|
|
|
672E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434597240.000000000672E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
672E000
|
| Size: |
8192
|
|
|
5B40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434099254.0000000005B40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B40000
|
| Size: |
8192
|
|
|
E26000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1462212057.0000000000E26000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E26000
|
| Size: |
593920
|
|
|
DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1338435524.0000000000DB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DB0000
|
| Size: |
8192
|
|
|
632F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480253101.000000000632F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
632F000
|
| Size: |
12288
|
|
|
A5CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1359544780.000000000A5CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A5CF000
|
| Size: |
4096
|
|
|
5470000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1353828199.0000000005470000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5470000
|
| Size: |
12288
|
|
|
30F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.00000000030F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30F0000
|
| Size: |
8192
|
|
|
716E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1565045725.000000000716E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
716E000
|
| Size: |
8192
|
|
|
7B3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1487843139.0000000007B3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7B3E000
|
| Size: |
8192
|
|
|
F69000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1539790945.0000000000F69000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F69000
|
| Size: |
57344
|
|
|
6C6D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1483154666.0000000006C6D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C6D000
|
| Size: |
12288
|
|
|
5F1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1557452081.0000000005F1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F1E000
|
| Size: |
8192
|
|
|
647D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560713493.000000000647D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
647D000
|
| Size: |
12288
|
|
|
5440000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1353642953.0000000005440000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5440000
|
| Size: |
65536
|
|
|
4C7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1475719190.0000000004C7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C7C000
|
| Size: |
16384
|
|
|
A1CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1359441620.000000000A1CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A1CE000
|
| Size: |
8192
|
|
|
DC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1461978916.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DC0000
|
| Size: |
8192
|
|
|
5DD0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1477996573.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5DD0000
|
| Size: |
65536
|
|
|
3E89000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E89000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E89000
|
| Size: |
16384
|
|
|
A6CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1359580138.000000000A6CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A6CE000
|
| Size: |
8192
|
|
|
51D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1476489905.00000000051D0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51D0000
|
| Size: |
65536
|
|
|
18C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424147191.00000000018C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18C0000
|
| Size: |
16384
|
|
|
5660000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1556324562.0000000005660000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5660000
|
| Size: |
65536
|
|
|
AC8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1436500204.000000000AC8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AC8E000
|
| Size: |
8192
|
|
|
2A05000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339483820.0000000002A05000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A05000
|
| Size: |
753664
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
142E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541906391.000000000142E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
142E000
|
| Size: |
8192
|
|
|
5900000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1433217478.0000000005900000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5900000
|
| Size: |
65536
|
|
|
DDD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1462114462.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DDD000
|
| Size: |
4096
|
|
|
5DC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477897089.0000000005DC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5DC0000
|
| Size: |
65536
|
|
|
7532000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1358190441.0000000007532000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7532000
|
| Size: |
32768
|
|
|
7270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1357710754.0000000007270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7270000
|
| Size: |
65536
|
|
|
3DD2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003DD2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DD2000
|
| Size: |
8192
|
|
|
13C5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1541798029.00000000013C5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
2FCD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002FCD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FCD000
|
| Size: |
839680
|
|
|
6380000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480818525.0000000006380000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6380000
|
| Size: |
61440
|
|
|
642000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000000.1281480092.0000000000642000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
642000
|
| Size: |
708608
|
|
|
5053000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476237647.0000000005053000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5053000
|
| Size: |
8192
|
|
|
306E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.000000000306E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
306E000
|
| Size: |
290816
|
|
|
3E7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E7E000
|
| Size: |
8192
|
|
|
14F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421024564.00000000014F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14F7000
|
| Size: |
36864
|
|
|
7F1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1435736712.0000000007F1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7F1E000
|
| Size: |
8192
|
|
|
5D30000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434388506.0000000005D30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D30000
|
| Size: |
12288
|
|
|
549E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555375787.000000000549E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
549E000
|
| Size: |
8192
|
|
|
5CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434263595.0000000005CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5CE0000
|
| Size: |
8192
|
|
|
531E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476758023.000000000531E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
531E000
|
| Size: |
8192
|
|
|
7450000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1484624177.0000000007450000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7450000
|
| Size: |
65536
|
|
|
DDA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1338831392.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DDA000
|
| Size: |
4096
|
|
|
5296000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1553864388.0000000005296000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5296000
|
| Size: |
16384
|
|
|
110A000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1418499352.000000000110A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
110A000
|
| Size: |
24576
|
|
|
5841000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1432613421.0000000005841000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5841000
|
| Size: |
16384
|
|
|
56EB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477570813.00000000056EB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56EB000
|
| Size: |
8192
|
|
|
7A42000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434896936.0000000007A42000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A42000
|
| Size: |
73728
|
|
|
62D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559973610.00000000062D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62D0000
|
| Size: |
8192
|
|
|
6F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000000.1281548699.00000000006F0000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6F0000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
D65000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1461364062.0000000000D65000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D65000
|
| Size: |
16384
|
|
|
14C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542302853.00000000014C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C7000
|
| Size: |
24576
|
|
|
7F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337265921.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F0000
|
| Size: |
16384
|
|
|
32F3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.00000000032F3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32F3000
|
| Size: |
16384
|
|
|
7410000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1484196885.0000000007410000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7410000
|
| Size: |
65536
|
|
|
4EAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1347855588.0000000004EAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4EAE000
|
| Size: |
4096
|
|
|
B8A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337394245.0000000000B8A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B8A000
|
| Size: |
8192
|
|
|
2FC1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FC1000
|
| Size: |
12288
|
|
|
32D5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.00000000032D5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32D5000
|
| Size: |
32768
|
|
|
8B60000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1488801671.0000000008B60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8B60000
|
| Size: |
4096
|
|
|
3347000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000003347000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3347000
|
| Size: |
184320
|
|
|
2B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465179713.0000000002B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B1E000
|
| Size: |
8192
|
|
|
5342000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555038852.0000000005342000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5342000
|
| Size: |
12288
|
|
|
577F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1556461996.000000000577F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
577F000
|
| Size: |
4096
|
|
|
630D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560302445.000000000630D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
630D000
|
| Size: |
20480
|
|
|
1876000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1423401180.0000000001876000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1876000
|
| Size: |
8192
|
|
|
14B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542202166.00000000014B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14B6000
|
| Size: |
40960
|
|
|
3432000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000003432000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3432000
|
| Size: |
28672
|
|
|
624B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559091311.000000000624B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
624B000
|
| Size: |
40960
|
|
|
4ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1348841484.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4ED0000
|
| Size: |
65536
|
|
|
583E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1432613421.000000000583E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
583E000
|
| Size: |
4096
|
|
|
50EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1352239450.00000000050EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50EE000
|
| Size: |
8192
|
|
|
6330000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560487645.0000000006330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6330000
|
| Size: |
8192
|
|
|
565E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1556188970.000000000565E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
565E000
|
| Size: |
8192
|
|
|
6C00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1482724290.0000000006C00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C00000
|
| Size: |
65536
|
|
|
5D2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1354213577.0000000005D2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D2E000
|
| Size: |
8192
|
|
|
3E74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E74000
|
| Size: |
8192
|
|
|
529D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1553864388.000000000529D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
529D000
|
| Size: |
16384
|
|
|
10C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1463897647.00000000010C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C2000
|
| Size: |
4096
|
|
|
A82E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1436307855.000000000A82E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A82E000
|
| Size: |
8192
|
|
|
6050000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1558181293.0000000006050000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6050000
|
| Size: |
65536
|
|
|
A4CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1359520049.000000000A4CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A4CE000
|
| Size: |
8192
|
|
|
6CC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1483341457.0000000006CC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6CC0000
|
| Size: |
65536
|
|
|
6CD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1483431743.0000000006CD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6CD4000
|
| Size: |
49152
|
|
|
5626000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555720118.0000000005626000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5626000
|
| Size: |
45056
|
|
|
446000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1458790385.0000000000446000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
446000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
4F72000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1349774743.0000000004F72000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F72000
|
| Size: |
8192
|
|
|
BD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1539634019.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BD0000
|
| Size: |
16384
|
|
|
7C00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1435302822.0000000007C00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C00000
|
| Size: |
12288
|
|
|
1180000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541329472.0000000001180000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1180000
|
| Size: |
12288
|
|
|
5D35000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434388506.0000000005D35000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D35000
|
| Size: |
40960
|
|
|
6070000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1479467672.0000000006070000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6070000
|
| Size: |
16384
|
|
|
5E20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1478266298.0000000005E20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E20000
|
| Size: |
65536
|
|
|
6BCA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481596772.0000000006BCA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BCA000
|
| Size: |
8192
|
|
|
1100000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1464167148.0000000001100000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1100000
|
| Size: |
65536
|
|
|
1690000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1422790636.0000000001690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1690000
|
| Size: |
16384
|
|
|
311F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.000000000311F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
311F000
|
| Size: |
12288
|
|
|
5621000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555720118.0000000005621000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5621000
|
| Size: |
16384
|
|
|
1184000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541386160.0000000001184000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1184000
|
| Size: |
12288
|
|
|
2FFA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1313239087.0000000002FFA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FFA000
|
| Size: |
102400
|
|
|
3426000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000003426000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3426000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337265921.00000000007F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F5000
|
| Size: |
12288
|
|
|
2BFA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1313043706.0000000002BFA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BFA000
|
| Size: |
24576
|
|
|
640000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000000.1281463454.0000000000640000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
640000
|
| Size: |
4096
|
|
|
5EC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1478857156.0000000005EC0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5EC0000
|
| Size: |
65536
|
|
|
56DA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477161703.00000000056DA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56DA000
|
| Size: |
12288
|
|
|
79A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1485868060.00000000079A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
79A0000
|
| Size: |
36864
|
|
|
2FCB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002FCB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FCB000
|
| Size: |
4096
|
|
|
30B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.00000000030B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30B7000
|
| Size: |
65536
|
|
|
2F5D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002F5D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F5D000
|
| Size: |
57344
|
|
|
60CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1558766668.00000000060CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60CC000
|
| Size: |
16384
|
|
|
643C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560669360.000000000643C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
643C000
|
| Size: |
16384
|
|
|
309F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.000000000309F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
309F000
|
| Size: |
1560576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
|
27C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339264201.00000000027C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27C0000
|
| Size: |
4096
|
|
|
1190000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464383493.0000000001190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1190000
|
| Size: |
16384
|
|
|
7A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1358337626.0000000007A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7A40000
|
| Size: |
12288
|
|
|
6FD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1354923584.0000000006FD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FD0000
|
| Size: |
122880
|
|
|
1110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464247284.0000000001110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1110000
|
| Size: |
12288
|
|
|
5450000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1353720331.0000000005450000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5450000
|
| Size: |
65536
|
|
|
584D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1432613421.000000000584D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
584D000
|
| Size: |
16384
|
|
|
5EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1478778530.0000000005EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5EB0000
|
| Size: |
65536
|
|
|
80EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1435772887.00000000080EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
80EE000
|
| Size: |
8192
|
|
|
1270000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464758577.0000000001270000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1270000
|
| Size: |
20480
|
|
|
1254000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464562759.0000000001254000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1254000
|
| Size: |
49152
|
|
|
5A2B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1433564103.0000000005A2B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A2B000
|
| Size: |
20480
|
|
|
6240000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559091311.0000000006240000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6240000
|
| Size: |
40960
|
|
|
5655000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1556188970.0000000005655000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5655000
|
| Size: |
4096
|
|
|
27D0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1339280470.00000000027D0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
27D0000
|
| Size: |
4096
|
|
|
13CB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1541847735.00000000013CB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13CB000
|
| Size: |
8192
|
|
|
35C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424614712.00000000035C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35C1000
|
| Size: |
2670592
|
|
|
730D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1358121120.000000000730D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
730D000
|
| Size: |
12288
|
|
|
426F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1343263156.000000000426F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
426F000
|
| Size: |
196608
|
|
|
56B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477161703.00000000056B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56B6000
|
| Size: |
45056
|
|
|
7420000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1484293989.0000000007420000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7420000
|
| Size: |
4096
|
|
|
1A0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424207604.0000000001A0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1A0E000
|
| Size: |
8192
|
|
|
5A40000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.1433711356.0000000005A40000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
5A40000
|
| Size: |
4096
|
|
|
2E31000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002E31000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E31000
|
| Size: |
483328
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6DFF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1562408055.0000000006DFF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6DFF000
|
| Size: |
49152
|
|
|
100D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1539790945.000000000100D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
100D000
|
| Size: |
73728
|
|
|
EBB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1462212057.0000000000EBB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EBB000
|
| Size: |
8192
|
|
|
9B9000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1460779419.00000000009B9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B9000
|
| Size: |
28672
|
|
|
560E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555684120.000000000560E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
560E000
|
| Size: |
8192
|
|
|
5B30000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434069667.0000000005B30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B30000
|
| Size: |
4096
|
|
|
56E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477570813.00000000056E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56E0000
|
| Size: |
12288
|
|
|
4F2C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1553812349.0000000004F2C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F2C000
|
| Size: |
16384
|
|
|
3F53000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1550554464.0000000003F53000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F53000
|
| Size: |
729088
|
|
|
52F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1554918260.00000000052F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52F0000
|
| Size: |
61440
|
|
|
3E6D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E6D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E6D000
|
| Size: |
8192
|
|
|
4FC3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1351619064.0000000004FC3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FC3000
|
| Size: |
8192
|
|
|
7A0D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434896936.0000000007A0D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A0D000
|
| Size: |
8192
|
|
|
3E5B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E5B000
|
| Size: |
8192
|
|
|
5800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1557120233.0000000005800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5800000
|
| Size: |
65536
|
|
|
3E3F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1550554464.0000000003E3F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E3F000
|
| Size: |
20480
|
|
|
3E20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E20000
|
| Size: |
4096
|
|
|
7BB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1435189648.0000000007BB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7BB0000
|
| Size: |
65536
|
|
|
662A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1561167504.000000000662A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
662A000
|
| Size: |
8192
|
|
|
63A7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481089327.00000000063A7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
63A7000
|
| Size: |
53248
|
|
|
500B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1475798992.000000000500B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
500B000
|
| Size: |
61440
|
|
|
5E3D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434459819.0000000005E3D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E3D000
|
| Size: |
12288
|
|
|
3300000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000003300000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3300000
|
| Size: |
8192
|
|
|
5870000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1432932427.0000000005870000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5870000
|
| Size: |
16384
|
|
|
19CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424182952.00000000019CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19CE000
|
| Size: |
8192
|
|
|
6D5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1561868800.0000000006D5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D5D000
|
| Size: |
12288
|
|
|
1260000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464654534.0000000001260000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1260000
|
| Size: |
53248
|
|
|
2B20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465208474.0000000002B20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B20000
|
| Size: |
16384
|
|
|
3E28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E28000
|
| Size: |
8192
|
|
|
5824000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1432613421.0000000005824000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5824000
|
| Size: |
98304
|
|
|
B00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337326134.0000000000B00000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B00000
|
| Size: |
4096
|
|
|
52D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1554824919.00000000052D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52D0000
|
| Size: |
65536
|
|
|
4F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1351125482.0000000004F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F90000
|
| Size: |
65536
|
|
|
5FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1479037914.0000000005FE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5FE0000
|
| Size: |
65536
|
|
|
564A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555720118.000000000564A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
564A000
|
| Size: |
12288
|
|
|
6298000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559556597.0000000006298000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6298000
|
| Size: |
45056
|
|
|
15D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421450702.00000000015D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15D0000
|
| Size: |
4096
|
|
|
1430000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1541939055.0000000001430000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1430000
|
| Size: |
65536
|
|
|
5E10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1478181382.0000000005E10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E10000
|
| Size: |
65536
|
|
|
127E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465123665.000000000127E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
127E000
|
| Size: |
4096
|
|
|
AB4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1436435237.000000000AB4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AB4E000
|
| Size: |
8192
|
|
|
2B91000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339483820.0000000002B91000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B91000
|
| Size: |
2945024
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
3E93000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E93000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E93000
|
| Size: |
712704
|
|
|
1870000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1422901076.0000000001870000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1870000
|
| Size: |
4096
|
|
|
3DF9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003DF9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DF9000
|
| Size: |
16384
|
|
|
12AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541564977.00000000012AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12AF000
|
| Size: |
4096
|
|
|
10DB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1464106131.00000000010DB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
10DB000
|
| Size: |
8192
|
|
|
6335000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480285489.0000000006335000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6335000
|
| Size: |
36864
|
|
|
2FC7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002FC7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FC7000
|
| Size: |
12288
|
|
|
4EBD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1347855588.0000000004EBD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4EBD000
|
| Size: |
16384
|
|
|
DF8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1462212057.0000000000DF8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DF8000
|
| Size: |
135168
|
|
|
1A20000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424282516.0000000001A20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A20000
|
| Size: |
20480
|
|
|
7D90000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1435503541.0000000007D90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D90000
|
| Size: |
323584
|
|
|
65BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560835385.00000000065BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
65BE000
|
| Size: |
8192
|
|
|
5846000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1432613421.0000000005846000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5846000
|
| Size: |
16384
|
|
|
51E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476572563.00000000051E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
51E0000
|
| Size: |
12288
|
|
|
563E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555720118.000000000563E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
563E000
|
| Size: |
8192
|
|
|
114E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541210043.000000000114E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
114E000
|
| Size: |
8192
|
|
|
7EDD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1435707609.0000000007EDD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7EDD000
|
| Size: |
12288
|
|
|
1574000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421313139.0000000001574000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1574000
|
| Size: |
4096
|
|
|
3006000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000003006000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3006000
|
| Size: |
8192
|
|
|
636E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480718287.000000000636E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
636E000
|
| Size: |
12288
|
|
|
6BC8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481596772.0000000006BC8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BC8000
|
| Size: |
4096
|
|
|
5A42000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.1433711356.0000000005A42000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
5A42000
|
| Size: |
4096
|
|
|
100B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1539790945.000000000100B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
100B000
|
| Size: |
4096
|
|
|
54A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555408098.00000000054A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
54A0000
|
| Size: |
4096
|
|
|
29C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1394125910.00000000029C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29C0000
|
| Size: |
4096
|
|
|
10D7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1464082731.00000000010D7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
10D7000
|
| Size: |
4096
|
|
|
312B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.000000000312B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
312B000
|
| Size: |
24576
|
|
|
BF5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337394245.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF5000
|
| Size: |
53248
|
|
|
6F8B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1483816509.0000000006F8B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6F8B000
|
| Size: |
45056
|
|
|
62E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1479837313.00000000062E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62E7000
|
| Size: |
4096
|
|
|
7010000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1563242107.0000000007010000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7010000
|
| Size: |
36864
|
|
|
3411000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000003411000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3411000
|
| Size: |
8192
|
|
|
C1B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337394245.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C1B000
|
| Size: |
4096
|
|
|
102E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541096531.000000000102E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
102E000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
632D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560487645.000000000632D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
632D000
|
| Size: |
8192
|
|
|
F48000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1539790945.0000000000F48000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F48000
|
| Size: |
131072
|
|
|
569E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477130958.000000000569E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
569E000
|
| Size: |
8192
|
|
|
6B70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481401873.0000000006B70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B70000
|
| Size: |
20480
|
|
|
DBD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1338514066.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DBD000
|
| Size: |
4096
|
|
|
6BCF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481596772.0000000006BCF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BCF000
|
| Size: |
8192
|
|
|
6610000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1561167504.0000000006610000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6610000
|
| Size: |
4096
|
|
|
6FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1562905366.0000000006FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FC0000
|
| Size: |
4096
|
|
|
5F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434498436.0000000005F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F3E000
|
| Size: |
8192
|
|
|
79C2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434772601.00000000079C2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
79C2000
|
| Size: |
16384
|
|
|
53AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1353523155.00000000053AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
53AD000
|
| Size: |
12288
|
|
|
1872000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1422939476.0000000001872000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1872000
|
| Size: |
4096
|
|
|
3102000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000003102000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3102000
|
| Size: |
8192
|
|
|
761E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1566027933.000000000761E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
761E000
|
| Size: |
8192
|
|
|
B10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337346631.0000000000B10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B10000
|
| Size: |
8192
|
|
|
340A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.000000000340A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
340A000
|
| Size: |
8192
|
|
|
59C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1433437921.00000000059C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
59C3000
|
| Size: |
8192
|
|
|
1120000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464278785.0000000001120000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1120000
|
| Size: |
4096
|
|
|
5C2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1354140997.0000000005C2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C2F000
|
| Size: |
4096
|
|
|
5D20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434326719.0000000005D20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5D20000
|
| Size: |
65536
|
|
|
6030000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1557656168.0000000006030000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6030000
|
| Size: |
65536
|
|
|
6B7A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1481401873.0000000006B7A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B7A000
|
| Size: |
12288
|
|
|
73CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1484073100.00000000073CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
73CF000
|
| Size: |
4096
|
|
|
5F7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434530901.0000000005F7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F7E000
|
| Size: |
8192
|
|
|
1580000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421365497.0000000001580000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
8192
|
|
|
5350000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1555100429.0000000005350000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
65536
|
|
|
7A14000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1358250148.0000000007A14000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7A14000
|
| Size: |
20480
|
|
|
5040000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1476165006.0000000005040000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5040000
|
| Size: |
65536
|
|
|
D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1338328766.0000000000D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D8E000
|
| Size: |
8192
|
|
|
32D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1424568511.00000000032D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32D0000
|
| Size: |
4096
|
|
|
5700000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477765226.0000000005700000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5700000
|
| Size: |
65536
|
|
|
79D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434772601.00000000079D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
79D4000
|
| Size: |
4096
|
|
|
3416000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000003416000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3416000
|
| Size: |
8192
|
|
|
AD8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1436536029.000000000AD8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AD8E000
|
| Size: |
8192
|
|
|
4FC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1351619064.0000000004FC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FC0000
|
| Size: |
4096
|
|
|
DB4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1338491122.0000000000DB4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
4096
|
|
|
CF7000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1460922111.0000000000CF7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CF7000
|
| Size: |
36864
|
|
|
51A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1353370357.00000000051A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51A0000
|
| Size: |
4096
|
|
|
57A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1556710510.00000000057A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57A0000
|
| Size: |
65536
|
|
|
15D3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421450702.00000000015D3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15D3000
|
| Size: |
614400
|
|
|
8CEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1573846567.0000000008CEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8CEE000
|
| Size: |
8192
|
|
|
7440000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1484461371.0000000007440000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7440000
|
| Size: |
28672
|
|
|
3E03000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E03000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E03000
|
| Size: |
8192
|
|
|
321D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.000000000321D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
321D000
|
| Size: |
430080
|
|
|
6BF2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1482473599.0000000006BF2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BF2000
|
| Size: |
8192
|
|
|
57D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1556813744.00000000057D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57D0000
|
| Size: |
65536
|
|
|
1882000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1423872852.0000000001882000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1882000
|
| Size: |
4096
|
|
|
7DB2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1570782589.0000000007DB2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DB2000
|
| Size: |
4096
|
|
|
2D0E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1394166701.0000000002D0E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2D0E000
|
| Size: |
8192
|
|
|
7B9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1435133794.0000000007B9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7B9F000
|
| Size: |
4096
|
|
|
6374000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1480772190.0000000006374000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6374000
|
| Size: |
20480
|
|
|
601F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1557489903.000000000601F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
601F000
|
| Size: |
4096
|
|
|
1240000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464473771.0000000001240000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1240000
|
| Size: |
65536
|
|
|
2960000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339387690.0000000002960000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2960000
|
| Size: |
4096
|
|
|
6FC4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1562905366.0000000006FC4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FC4000
|
| Size: |
36864
|
|
|
625E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559091311.000000000625E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
625E000
|
| Size: |
8192
|
|
|
2D90000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1394233280.0000000002D90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D90000
|
| Size: |
24576
|
|
|
126E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1464654534.000000000126E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
126E000
|
| Size: |
8192
|
|
|
B5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337366280.0000000000B5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B5D000
|
| Size: |
12288
|
|
|
6333000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1560549344.0000000006333000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6333000
|
| Size: |
40960
|
|
|
13C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541743918.00000000013C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13C0000
|
| Size: |
4096
|
|
|
740D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1358160577.000000000740D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
740D000
|
| Size: |
12288
|
|
|
13B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1541610476.00000000013B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13B0000
|
| Size: |
4096
|
|
|
33F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.00000000033F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33F8000
|
| Size: |
8192
|
|
|
6E20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1562589148.0000000006E20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E20000
|
| Size: |
45056
|
|
|
7DB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1570659916.0000000007DB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DB0000
|
| Size: |
4096
|
|
|
2FF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1313239087.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FF0000
|
| Size: |
32768
|
|
|
5DBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477854398.0000000005DBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5DBE000
|
| Size: |
8192
|
|
|
5632000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555720118.0000000005632000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5632000
|
| Size: |
36864
|
|
|
62D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1479719743.00000000062D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
62D0000
|
| Size: |
53248
|
|
|
6E3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1354560098.0000000006E3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E3E000
|
| Size: |
28672
|
|
|
7830000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434695146.0000000007830000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7830000
|
| Size: |
86016
|
|
|
DD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1462082038.0000000000DD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DD4000
|
| Size: |
12288
|
|
|
B3A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1539512155.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3A000
|
| Size: |
24576
|
|
|
2C3C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000002C3C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C3C000
|
| Size: |
421888
|
|
|
3113000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1465326268.0000000003113000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3113000
|
| Size: |
8192
|
|
|
5AEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1433900388.0000000005AEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5AEE000
|
| Size: |
8192
|
|
|
6BE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1482059301.0000000006BE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BE4000
|
| Size: |
36864
|
|
|
2E10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542472916.0000000002E10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E10000
|
| Size: |
65536
|
|
|
DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1338610342.0000000000DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DD0000
|
| Size: |
4096
|
|
|
118D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1541425747.000000000118D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
118D000
|
| Size: |
4096
|
|
|
188B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1423930161.000000000188B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
188B000
|
| Size: |
4096
|
|
|
5400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555202883.0000000005400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5400000
|
| Size: |
12288
|
|
|
DFB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1339058695.0000000000DFB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DFB000
|
| Size: |
4096
|
|
|
14B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542202166.00000000014B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14B4000
|
| Size: |
4096
|
|
|
79B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1485868060.00000000079B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
79B0000
|
| Size: |
282624
|
|
|
4E94000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1347855588.0000000004E94000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E94000
|
| Size: |
98304
|
|
|
7C04000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1435302822.0000000007C04000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C04000
|
| Size: |
8192
|
|
|
7B50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1488338216.0000000007B50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B50000
|
| Size: |
8192
|
|
|
294A000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1394082289.000000000294A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
294A000
|
| Size: |
24576
|
|
|
6000000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1479232904.0000000006000000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6000000
|
| Size: |
65536
|
|
|
5405000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555202883.0000000005405000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5405000
|
| Size: |
16384
|
|
|
43E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1431597299.00000000043E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43E1000
|
| Size: |
28672
|
|
|
BBF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337394245.0000000000BBF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BBF000
|
| Size: |
4096
|
|
|
52B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1554606527.00000000052B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
52B0000
|
| Size: |
4096
|
|
|
62BC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559783014.00000000062BC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62BC000
|
| Size: |
8192
|
|
|
4F70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1349774743.0000000004F70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F70000
|
| Size: |
4096
|
|
|
5032000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1475798992.0000000005032000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5032000
|
| Size: |
49152
|
|
|
51B0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1353459083.00000000051B0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
51B0000
|
| Size: |
4096
|
|
|
6E2D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1562669639.0000000006E2D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E2D000
|
| Size: |
24576
|
|
|
56E5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477570813.00000000056E5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56E5000
|
| Size: |
4096
|
|
|
7A05000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1434896936.0000000007A05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A05000
|
| Size: |
16384
|
|
|
33FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.00000000033FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33FF000
|
| Size: |
8192
|
|
|
52C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1554701147.00000000052C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52C0000
|
| Size: |
16384
|
|
|
3DE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003DE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DE4000
|
| Size: |
8192
|
|
|
528E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1553864388.000000000528E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
528E000
|
| Size: |
4096
|
|
|
DC3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1338554021.0000000000DC3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DC3000
|
| Size: |
28672
|
|
|
59C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1433437921.00000000059C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
59C0000
|
| Size: |
4096
|
|
|
60E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1558813301.00000000060E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
60E0000
|
| Size: |
16384
|
|
|
14B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542202166.00000000014B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14B0000
|
| Size: |
4096
|
|
|
56C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477161703.00000000056C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56C2000
|
| Size: |
36864
|
|
|
316F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1313310867.000000000316F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
316F000
|
| Size: |
4096
|
|
|
A7CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1359610897.000000000A7CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A7CF000
|
| Size: |
4096
|
|
|
1560000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1421132178.0000000001560000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1560000
|
| Size: |
8192
|
|
|
3B41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003B41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B41000
|
| Size: |
36864
|
|
|
2F4F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F4F000
|
| Size: |
8192
|
|
|
B80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1337394245.0000000000B80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B80000
|
| Size: |
36864
|
|
|
341B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.000000000341B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
341B000
|
| Size: |
8192
|
|
|
A80C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1359638048.000000000A80C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A80C000
|
| Size: |
16384
|
|
|
F1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1339192763.0000000000F1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F1E000
|
| Size: |
8192
|
|
|
56A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1477161703.00000000056A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56A0000
|
| Size: |
36864
|
|
|
3E31000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1550554464.0000000003E31000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E31000
|
| Size: |
36864
|
|
|
7BF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1435245850.0000000007BF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BF0000
|
| Size: |
65536
|
|
|
DF2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1338989087.0000000000DF2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DF2000
|
| Size: |
4096
|
|
|
62A9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559641345.00000000062A9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62A9000
|
| Size: |
16384
|
|
|
EB8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1462212057.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EB8000
|
| Size: |
8192
|
|
|
39B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1343263156.00000000039B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39B1000
|
| Size: |
28672
|
|
|
62BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1559822380.00000000062BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62BF000
|
| Size: |
28672
|
|
|
77FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1566250448.00000000077FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
77FD000
|
| Size: |
12288
|
|
|
50AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1352033786.00000000050AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50AC000
|
| Size: |
16384
|
|
|
3E62000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E62000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E62000
|
| Size: |
8192
|
|
|
3E23000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1471403410.0000000003E23000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E23000
|
| Size: |
8192
|
|
|
2F0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1394318816.0000000002F0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F0E000
|
| Size: |
8192
|
|
|
6120000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1558948155.0000000006120000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6120000
|
| Size: |
16384
|
|
|
6080000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1558613742.0000000006080000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6080000
|
| Size: |
65536
|
|
|
5641000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1555720118.0000000005641000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5641000
|
| Size: |
32768
|
|
|
2F5B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1542629987.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F5B000
|
| Size: |
4096
|
|
