|
F12000
|
unkown
|
page readonly
|
 |
|
|
| Name: |
00000005.00000000.1286708440.0000000000F12000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
F12000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Sample uses string decryption to hide its real strings |
AV Detection |
|
| Yara signature match |
System Summary |
|
|
|
F62000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1287361555.0000000000F62000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
F62000
|
| Size: |
94208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Njrat |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| May infect USB drives |
Spreading |
Replication Through Removable Media
|
| Yara signature match |
System Summary |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
125A8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289791378.00000000125A8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
125A8000
|
| Size: |
307200
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Njrat |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| May infect USB drives |
Spreading |
Replication Through Removable Media
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Yara signature match |
System Summary |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
3511000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3755803408.0000000003511000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3511000
|
| Size: |
245760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6C81EBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1489325631.0000006C81EBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C81EBE000
|
| Size: |
8192
|
|
|
7FF7C7FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3160421941.00007FF7C7FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FC0000
|
| Size: |
8192
|
|
|
20535A25000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020535A25000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20535A25000
|
| Size: |
86016
|
|
|
6C81E3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1489216042.0000006C81E3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C81E3C000
|
| Size: |
16384
|
|
|
1EDBBE8D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2481823595.000001EDBBE8D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBBE8D000
|
| Size: |
8192
|
|
|
2F09000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1321118782.0000000002F09000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F09000
|
| Size: |
143360
|
|
|
7FF7C7F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2550990555.00007FF7C7F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F90000
|
| Size: |
4096
|
|
|
2F20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1321349733.0000000002F20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F20000
|
| Size: |
53248
|
|
|
1C6DBE2F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2635434926.000001C6DBE2F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DBE2F000
|
| Size: |
8192
|
|
|
2F05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1325747230.0000000002F05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F05000
|
| Size: |
16384
|
|
|
67AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3768403349.00000000067AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
67AD000
|
| Size: |
12288
|
|
|
1B01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3754993366.0000000001B01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B01000
|
| Size: |
16384
|
|
|
6B1D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3769003879.0000000006B1D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B1D000
|
| Size: |
12288
|
|
|
20544691000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1640036184.0000020544691000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20544691000
|
| Size: |
274432
|
|
|
1C6DEBF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DEBF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DEBF6000
|
| Size: |
835584
|
|
|
7FF7C7C36000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3116227699.00007FF7C7C36000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C36000
|
| Size: |
86016
|
|
|
7FF7C7B54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3763996599.00007FF7C7B54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B54000
|
| Size: |
8192
|
|
|
138C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3746328852.000000000138C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
138C000
|
| Size: |
131072
|
|
|
4DB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329285893.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DB0000
|
| Size: |
40960
|
|
|
1EDA5893000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA5893000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA5893000
|
| Size: |
16384
|
|
|
7FF7C7CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2526333123.00007FF7C7CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7CE0000
|
| Size: |
4096
|
|
|
2D8AF071000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8AF071000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AF071000
|
| Size: |
454656
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1C6EDA51000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3009291109.000001C6EDA51000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6EDA51000
|
| Size: |
217088
|
|
|
1C6F6185000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3100399042.000001C6F6185000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F6185000
|
| Size: |
69632
|
|
|
2D8C7970000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2006253264.000002D8C7970000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C7970000
|
| Size: |
4096
|
|
|
7FF7C7EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2026850088.00007FF7C7EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EB0000
|
| Size: |
4096
|
|
|
2D8B09C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B09C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B09C1000
|
| Size: |
4763648
|
|
|
7FF7C7B60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2006979691.00007FF7C7B60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B60000
|
| Size: |
40960
|
|
|
E262C8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1778105464.000000E262C8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E262C8E000
|
| Size: |
8192
|
|
|
5467000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1323569633.0000000005467000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5467000
|
| Size: |
40960
|
|
|
1C6DDED8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DDED8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DDED8000
|
| Size: |
77824
|
|
|
1EDA2060000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2120412740.000001EDA2060000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA2060000
|
| Size: |
65536
|
|
|
353A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3756916373.000000000353A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
353A000
|
| Size: |
4096
|
|
|
13513000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3759280163.0000000013513000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13513000
|
| Size: |
16384
|
|
|
4C41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3762922519.0000000004C41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C41000
|
| Size: |
176128
|
|
|
7FF7C7B60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1697515671.00007FF7C7B60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B60000
|
| Size: |
40960
|
|
|
7FF7C7CF2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2011210763.00007FF7C7CF2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7CF2000
|
| Size: |
57344
|
|
|
1C6F5E62000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3066707237.000001C6F5E62000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F5E62000
|
| Size: |
32768
|
|
|
2D8BF362000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1939056324.000002D8BF362000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8BF362000
|
| Size: |
16384
|
|
|
2D8B0E4D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B0E4D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B0E4D000
|
| Size: |
143360
|
|
|
20534410000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1494200965.0000020534410000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
20534410000
|
| Size: |
4096
|
|
|
7FF7C7D40000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1708379071.00007FF7C7D40000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7D40000
|
| Size: |
45056
|
|
|
7FF7C7E30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3148868277.00007FF7C7E30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E30000
|
| Size: |
65536
|
|
|
1EDA3C99000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA3C99000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA3C99000
|
| Size: |
2764800
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
987927F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2089095227.000000987927F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
987927F000
|
| Size: |
4096
|
|
|
9451000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3770677087.0000000009451000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9451000
|
| Size: |
1392640
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
20535875000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020535875000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20535875000
|
| Size: |
598016
|
|
|
341D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3755395350.000000000341D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
341D000
|
| Size: |
12288
|
|
|
F10000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.1286693610.0000000000F10000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
F10000
|
| Size: |
4096
|
|
|
547E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1322073320.000000000547E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
547E000
|
| Size: |
8192
|
|
|
2054CB5B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1681709010.000002054CB5B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CB5B000
|
| Size: |
204800
|
|
|
2D8B009E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B009E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B009E000
|
| Size: |
397312
|
|
|
2F22000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1322959177.0000000002F22000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F22000
|
| Size: |
262144
|
|
|
3500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3755433164.0000000003500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3500000
|
| Size: |
8192
|
|
|
205350B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.00000205350B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
205350B4000
|
| Size: |
1716224
|
|
|
987A54D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2099522513.000000987A54D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
987A54D000
|
| Size: |
12288
|
|
|
2F05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320869789.0000000002F05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F05000
|
| Size: |
294912
|
|
|
1701000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3754203672.0000000001701000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1701000
|
| Size: |
16384
|
|
|
1C6DBE4B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2635434926.000001C6DBE4B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DBE4B000
|
| Size: |
20480
|
|
|
1EDBC22B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2519417440.000001EDBC22B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC22B000
|
| Size: |
24576
|
|
|
20532B00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1492002074.0000020532B00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532B00000
|
| Size: |
8192
|
|
|
2F4F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320974043.0000000002F4F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F4F000
|
| Size: |
24576
|
|
|
7FF7C7E99000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2543265895.00007FF7C7E99000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E99000
|
| Size: |
28672
|
|
|
1EDB3E83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2407013057.000001EDB3E83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDB3E83000
|
| Size: |
663552
|
|
|
1C6DE988000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DE988000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DE988000
|
| Size: |
12288
|
|
|
205346E7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.00000205346E7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
205346E7000
|
| Size: |
1683456
|
|
|
1EDA38E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2123132151.000001EDA38E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA38E1000
|
| Size: |
798720
|
|
|
7FF7C7E20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2023396078.00007FF7C7E20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E20000
|
| Size: |
65536
|
|
|
2D8B0247000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B0247000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B0247000
|
| Size: |
831488
|
|
|
20544661000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1640036184.0000020544661000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20544661000
|
| Size: |
69632
|
|
|
1C6DF7FD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DF7FD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DF7FD000
|
| Size: |
143360
|
|
|
2F4F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1321047426.0000000002F4F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F4F000
|
| Size: |
24576
|
|
|
B375FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2626613657.0000000B375FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B375FB000
|
| Size: |
20480
|
|
|
20535A3C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020535A3C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20535A3C000
|
| Size: |
5111808
|
|
|
1C6DECC3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DECC3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DECC3000
|
| Size: |
385024
|
|
|
7FF7C7B4D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2523273715.00007FF7C7B4D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B4D000
|
| Size: |
12288
|
|
|
2D8B07F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B07F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B07F4000
|
| Size: |
929792
|
|
|
547C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326593298.000000000547C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
547C000
|
| Size: |
20480
|
|
|
3542000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3757153328.0000000003542000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3542000
|
| Size: |
4096
|
|
|
2F01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327190654.0000000002F01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F01000
|
| Size: |
32768
|
|
|
13521000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3759280163.0000000013521000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13521000
|
| Size: |
69632
|
|
|
7FF7C7EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2028102713.00007FF7C7EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EC0000
|
| Size: |
40960
|
|
|
CFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289708692.0000000000CFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CFE000
|
| Size: |
8192
|
|
|
1C6F61C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3104657235.000001C6F61C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F61C1000
|
| Size: |
4096
|
|
|
7FF7C7C0C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3115707433.00007FF7C7C0C000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C0C000
|
| Size: |
61440
|
|
|
3537000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3756865551.0000000003537000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3537000
|
| Size: |
4096
|
|
|
6C81DBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1488856050.0000006C81DBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C81DBF000
|
| Size: |
4096
|
|
|
624000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288502729.0000000000624000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
624000
|
| Size: |
20480
|
|
|
7FF7C7B50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2523698483.00007FF7C7B50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B50000
|
| Size: |
40960
|
|
|
7DF434300000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3110799533.00007DF434300000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7DF434300000
|
| Size: |
4096
|
|
|
7FF7C7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2030869948.00007FF7C7F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F80000
|
| Size: |
36864
|
|
|
7FF7C7F96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2550990555.00007FF7C7F96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F96000
|
| Size: |
16384
|
|
|
1C6F6197000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3103939029.000001C6F6197000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F6197000
|
| Size: |
20480
|
|
|
B3848E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2630304264.0000000B3848E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3848E000
|
| Size: |
8192
|
|
|
B3747E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2625838804.0000000B3747E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3747E000
|
| Size: |
8192
|
|
|
2D8AD301000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1781379168.000002D8AD301000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD301000
|
| Size: |
122880
|
|
|
20535666000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020535666000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20535666000
|
| Size: |
176128
|
|
|
7FF7C7CF2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3117812300.00007FF7C7CF2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7CF2000
|
| Size: |
32768
|
|
|
7FF7C7DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1711944998.00007FF7C7DB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DB0000
|
| Size: |
65536
|
|
|
5480000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329494488.0000000005480000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5480000
|
| Size: |
4096
|
|
|
259E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289732359.000000000259E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
259E000
|
| Size: |
8192
|
|
|
2F7F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328932158.0000000002F7F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F7F000
|
| Size: |
36864
|
|
|
3522000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3756081816.0000000003522000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3522000
|
| Size: |
24576
|
|
|
7FF7C7D50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2014114971.00007FF7C7D50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D50000
|
| Size: |
65536
|
|
|
1EDA1E3D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2102602162.000001EDA1E3D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1E3D000
|
| Size: |
16384
|
|
|
7FF7C7B54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3111730537.00007FF7C7B54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B54000
|
| Size: |
36864
|
|
|
2D8AF298000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8AF298000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AF298000
|
| Size: |
2768896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2054CBB9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1681709010.000002054CBB9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CBB9000
|
| Size: |
24576
|
|
|
1C6DC0A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2644089943.000001C6DC0A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DC0A0000
|
| Size: |
4096
|
|
|
2F3C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327737592.0000000002F3C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3C000
|
| Size: |
16384
|
|
|
1C6F5E5E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3066484709.000001C6F5E5E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F5E5E000
|
| Size: |
4096
|
|
|
1EDA1D30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2100446922.000001EDA1D30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1D30000
|
| Size: |
16384
|
|
|
1EDA3AF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA3AF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA3AF0000
|
| Size: |
1708032
|
|
|
20535721000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020535721000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20535721000
|
| Size: |
393216
|
|
|
1EDA4A72000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA4A72000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA4A72000
|
| Size: |
176128
|
|
|
1EDBC226000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2519417440.000001EDBC226000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC226000
|
| Size: |
16384
|
|
|
7FF7C7C70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2010713167.00007FF7C7C70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C70000
|
| Size: |
53248
|
|
|
7FF7C7C90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1290780613.00007FF7C7C90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C90000
|
| Size: |
8192
|
|
|
7FF7C7B50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1695174710.00007FF7C7B50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B50000
|
| Size: |
4096
|
|
|
7FF7C7B52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1695174710.00007FF7C7B52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B52000
|
| Size: |
4096
|
|
|
1C6DC005000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2641872337.000001C6DC005000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DC005000
|
| Size: |
24576
|
|
|
2F05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327639400.0000000002F05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F05000
|
| Size: |
98304
|
|
|
5440000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329412947.0000000005440000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5440000
|
| Size: |
135168
|
|
|
7FF7C7D34000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3119864129.00007FF7C7D34000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D34000
|
| Size: |
12288
|
|
|
2EE3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327709192.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EE3000
|
| Size: |
73728
|
|
|
1C6F612E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3100399042.000001C6F612E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F612E000
|
| Size: |
286720
|
|
|
1EDA2130000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2121530110.000001EDA2130000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA2130000
|
| Size: |
16384
|
|
|
2F1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326977409.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F1E000
|
| Size: |
57344
|
|
|
1EDB3D76000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2407013057.000001EDB3D76000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDB3D76000
|
| Size: |
1097728
|
|
|
2EBA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328391918.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EBA000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4AA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327814981.0000000004AA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AA0000
|
| Size: |
4096
|
|
|
7FF7C7D0A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1704216598.00007FF7C7D0A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D0A000
|
| Size: |
24576
|
|
|
7FF7C7CF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1703722219.00007FF7C7CF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7CF0000
|
| Size: |
65536
|
|
|
2E4E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328322875.0000000002E4E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2E4E000
|
| Size: |
8192
|
|
|
7FF7C7E60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1718122957.00007FF7C7E60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E60000
|
| Size: |
57344
|
|
|
7FF7C7E94000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2543265895.00007FF7C7E94000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E94000
|
| Size: |
4096
|
|
|
E262E8C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1780694221.000000E262E8C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E262E8C000
|
| Size: |
16384
|
|
|
1EDA1FE0000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000012.00000002.2116866810.000001EDA1FE0000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
1EDA1FE0000
|
| Size: |
4096
|
|
|
1EDB3A71000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2407013057.000001EDB3A71000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDB3A71000
|
| Size: |
77824
|
|
|
7FF7C7D32000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2013376397.00007FF7C7D32000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D32000
|
| Size: |
4096
|
|
|
205360EA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.00000205360EA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
205360EA000
|
| Size: |
4763648
|
|
|
205344A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495334698.00000205344A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
205344A0000
|
| Size: |
16384
|
|
|
7FF7C7D50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2531163182.00007FF7C7D50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D50000
|
| Size: |
65536
|
|
|
7FF7C7CE2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2526333123.00007FF7C7CE2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7CE2000
|
| Size: |
57344
|
|
|
FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3745076704.0000000000FB0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FB0000
|
| Size: |
4096
|
|
|
2D8AD4D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1790936956.000002D8AD4D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AD4D0000
|
| Size: |
65536
|
|
|
7FF7C7DF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1714146476.00007FF7C7DF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DF0000
|
| Size: |
65536
|
|
|
6C81B3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1487325904.0000006C81B3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C81B3E000
|
| Size: |
8192
|
|
|
351A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3755772874.000000000351A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
351A000
|
| Size: |
8192
|
|
|
7FF7C7E70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1718592313.00007FF7C7E70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E70000
|
| Size: |
16384
|
|
|
1C6F5F1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3070529625.000001C6F5F1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F5F1E000
|
| Size: |
24576
|
|
|
7FF7C7D64000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3139858620.00007FF7C7D64000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D64000
|
| Size: |
49152
|
|
|
1C6DC090000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2644036890.000001C6DC090000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DC090000
|
| Size: |
4096
|
|
|
20532B50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1492172890.0000020532B50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532B50000
|
| Size: |
28672
|
|
|
7FF7C7F60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3156869969.00007FF7C7F60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F60000
|
| Size: |
32768
|
|
|
7FF7C7B70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3764852217.00007FF7C7B70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B70000
|
| Size: |
4096
|
|
|
1C6DC125000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2644190220.000001C6DC125000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DC125000
|
| Size: |
40960
|
|
|
B371EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2625622898.0000000B371EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B371EF000
|
| Size: |
4096
|
|
|
16AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3753168021.00000000016AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16AE000
|
| Size: |
4096
|
|
|
9878FA3000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2088856838.0000009878FA3000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9878FA3000
|
| Size: |
53248
|
|
|
7FF7C7D01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2011814460.00007FF7C7D01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D01000
|
| Size: |
32768
|
|
|
2D8B0E72000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B0E72000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B0E72000
|
| Size: |
118784
|
|
|
7FF7C7EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3154591757.00007FF7C7EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EC0000
|
| Size: |
65536
|
|
|
1C6F60B1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3074886049.000001C6F60B1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F60B1000
|
| Size: |
4096
|
|
|
975C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3770677087.000000000975C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
975C000
|
| Size: |
73728
|
|
|
2EE7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328391918.0000000002EE7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EE7000
|
| Size: |
57344
|
|
|
1EDA1D95000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2101008621.000001EDA1D95000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1D95000
|
| Size: |
24576
|
|
|
359A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3755803408.000000000359A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
359A000
|
| Size: |
4096
|
|
|
2F32000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326939864.0000000002F32000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F32000
|
| Size: |
57344
|
|
|
E262D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1778860241.000000E262D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E262D8E000
|
| Size: |
8192
|
|
|
6E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3769208155.0000000006E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6E5E000
|
| Size: |
8192
|
|
|
1350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3745900230.0000000001350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1350000
|
| Size: |
8192
|
|
|
987977E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2092962853.000000987977E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
987977E000
|
| Size: |
8192
|
|
|
1C6DF2B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DF2B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DF2B0000
|
| Size: |
778240
|
|
|
1C25D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290007517.000000001C25D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1C25D000
|
| Size: |
12288
|
|
|
180000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.1288160494.0000000000180000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
180000
|
| Size: |
4096
|
|
|
5FCB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3767742998.0000000005FCB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5FCB000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
1C35E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290063064.000000001C35E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1C35E000
|
| Size: |
8192
|
|
|
7FF7C7E73000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2542947357.00007FF7C7E73000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E73000
|
| Size: |
28672
|
|
|
1EDA4D76000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA4D76000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA4D76000
|
| Size: |
204800
|
|
|
2F81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1321937080.0000000002F81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F81000
|
| Size: |
188416
|
|
|
1C6F61F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3107676840.000001C6F61F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F61F6000
|
| Size: |
36864
|
|
|
7FF7C7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2550617400.00007FF7C7F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F80000
|
| Size: |
36864
|
|
|
8000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3769525709.0000000008000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8000000
|
| Size: |
102400
|
|
|
2F5F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1321047426.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F5F000
|
| Size: |
12288
|
|
|
2D8AFAC3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8AFAC3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AFAC3000
|
| Size: |
1712128
|
|
|
7DF4956B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1694707433.00007DF4956B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7DF4956B0000
|
| Size: |
4096
|
|
|
7FF7C7DC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2020060924.00007FF7C7DC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DC0000
|
| Size: |
65536
|
|
|
2054CB3C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1681333579.000002054CB3C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CB3C000
|
| Size: |
16384
|
|
|
20534470000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495334698.0000020534470000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20534470000
|
| Size: |
4096
|
|
|
1626000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3747716197.0000000001626000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1626000
|
| Size: |
32768
|
|
|
2054CE92000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1686781867.000002054CE92000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CE92000
|
| Size: |
8192
|
|
|
352A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3756433747.000000000352A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
352A000
|
| Size: |
4096
|
|
|
1300000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3745973902.0000000001300000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1300000
|
| Size: |
4096
|
|
|
7FF7C7D00000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2527980928.00007FF7C7D00000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7D00000
|
| Size: |
4096
|
|
|
20534B2F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020534B2F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20534B2F000
|
| Size: |
5783552
|
|
|
1370000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3746247397.0000000001370000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1370000
|
| Size: |
4096
|
|
|
162F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3748838788.000000000162F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
162F000
|
| Size: |
73728
|
|
|
1EDA1DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2102602162.000001EDA1DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1DE0000
|
| Size: |
28672
|
|
|
7FF7C7D30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2529653329.00007FF7C7D30000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7D30000
|
| Size: |
45056
|
|
|
1C6F61A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3104657235.000001C6F61A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F61A2000
|
| Size: |
90112
|
|
|
7FF7C7B60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2524176917.00007FF7C7B60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B60000
|
| Size: |
4096
|
|
|
1A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3754689238.0000000001A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A01000
|
| Size: |
16384
|
|
|
1C3CA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3763345223.000000001C3CA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1C3CA000
|
| Size: |
24576
|
|
|
2054CAC2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1678309160.000002054CAC2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CAC2000
|
| Size: |
258048
|
|
|
7FF7C7B42000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2521233522.00007FF7C7B42000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B42000
|
| Size: |
4096
|
|
|
E261F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1777287629.000000E261F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E261F3E000
|
| Size: |
8192
|
|
|
3701000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3759256602.0000000003701000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3701000
|
| Size: |
4096
|
|
|
C80670F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.3178447217.000000C80670F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C80670F000
|
| Size: |
4096
|
|
|
4CF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3762922519.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CF6000
|
| Size: |
151552
|
|
|
2FAE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329009656.0000000002FAE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FAE000
|
| Size: |
4096
|
|
|
E262E07000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1780253904.000000E262E07000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E262E07000
|
| Size: |
36864
|
|
|
7FF7C7D0A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2011814460.00007FF7C7D0A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D0A000
|
| Size: |
24576
|
|
|
2ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328391918.0000000002ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2ED1000
|
| Size: |
73728
|
|
|
20535605000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020535605000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20535605000
|
| Size: |
385024
|
|
|
1EDA4A9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA4A9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA4A9E000
|
| Size: |
401408
|
|
|
2D8AD2F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1781379168.000002D8AD2F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD2F7000
|
| Size: |
36864
|
|
|
20532C2D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1492172890.0000020532C2D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532C2D000
|
| Size: |
110592
|
|
|
3520000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3755911597.0000000003520000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3520000
|
| Size: |
8192
|
|
|
7FF7C7E83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2025776619.00007FF7C7E83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E83000
|
| Size: |
28672
|
|
|
1C6DE797000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DE797000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DE797000
|
| Size: |
278528
|
|
|
166D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3750513872.000000000166D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
166D000
|
| Size: |
4096
|
|
|
205365BC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.00000205365BC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
205365BC000
|
| Size: |
12288
|
|
|
987987D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2094193223.000000987987D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
987987D000
|
| Size: |
12288
|
|
|
1EDA20E0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2121371398.000001EDA20E0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1EDA20E0000
|
| Size: |
4096
|
|
|
2D8B0190000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B0190000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B0190000
|
| Size: |
237568
|
|
|
6AC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289302516.00000000006AC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6AC000
|
| Size: |
4096
|
|
|
7FF7C7F80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3157914032.00007FF7C7F80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7F80000
|
| Size: |
4096
|
|
|
20544682000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1640036184.0000020544682000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20544682000
|
| Size: |
8192
|
|
|
1C6F60E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3079674584.000001C6F60E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F60E8000
|
| Size: |
20480
|
|
|
2D8C7713000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2004962978.000002D8C7713000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C7713000
|
| Size: |
188416
|
|
|
1EDBC21A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2498910575.000001EDBC21A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC21A000
|
| Size: |
12288
|
|
|
2D8C766C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1999733554.000002D8C766C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C766C000
|
| Size: |
118784
|
|
|
7FF7C7DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2020595282.00007FF7C7DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DD0000
|
| Size: |
65536
|
|
|
2F05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1319619189.0000000002F05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F05000
|
| Size: |
12288
|
|
|
354C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3757484454.000000000354C000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
354C000
|
| Size: |
4096
|
|
|
7FF7C7DC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3143018204.00007FF7C7DC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DC0000
|
| Size: |
65536
|
|
|
7FF7C7B7D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3764960327.00007FF7C7B7D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B7D000
|
| Size: |
4096
|
|
|
13C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3746328852.00000000013C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C6000
|
| Size: |
20480
|
|
|
2F09000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1323882210.0000000002F09000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F09000
|
| Size: |
90112
|
|
|
7FF7C7EBA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2026850088.00007FF7C7EBA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EBA000
|
| Size: |
4096
|
|
|
7FF7C7D01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3118293835.00007FF7C7D01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D01000
|
| Size: |
32768
|
|
|
987957E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2089947070.000000987957E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
987957E000
|
| Size: |
8192
|
|
|
7FF7C7DC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1712231720.00007FF7C7DC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DC0000
|
| Size: |
65536
|
|
|
1EDA1E27000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2102602162.000001EDA1E27000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1E27000
|
| Size: |
4096
|
|
|
7FF7C7EA8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2543683726.00007FF7C7EA8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EA8000
|
| Size: |
12288
|
|
|
1C6F5EAE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3066707237.000001C6F5EAE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F5EAE000
|
| Size: |
69632
|
|
|
E262038000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1777383761.000000E262038000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E262038000
|
| Size: |
32768
|
|
|
6C81AF9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1486980080.0000006C81AF9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C81AF9000
|
| Size: |
28672
|
|
|
2D8C7465000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1968772865.000002D8C7465000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C7465000
|
| Size: |
4096
|
|
|
6C81D3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1488530350.0000006C81D3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C81D3E000
|
| Size: |
8192
|
|
|
2D8B0374000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B0374000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B0374000
|
| Size: |
753664
|
|
|
1EDA1E1F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2102602162.000001EDA1E1F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1E1F000
|
| Size: |
4096
|
|
|
20532B40000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1492023994.0000020532B40000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
20532B40000
|
| Size: |
4096
|
|
|
1F312768000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.3178730321.000001F312768000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F312768000
|
| Size: |
159744
|
|
|
1EDBBEF7000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2483427458.000001EDBBEF7000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1EDBBEF7000
|
| Size: |
12288
|
|
|
7FF7C7EBC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2026850088.00007FF7C7EBC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EBC000
|
| Size: |
8192
|
|
|
1EDA2135000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2121530110.000001EDA2135000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA2135000
|
| Size: |
40960
|
|
|
2F1F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1323851520.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F1F000
|
| Size: |
12288
|
|
|
530000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288258004.0000000000530000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
530000
|
| Size: |
12288
|
|
|
1C6DEB40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DEB40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DEB40000
|
| Size: |
737280
|
|
|
7FF7C7F70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1722909224.00007FF7C7F70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7F70000
|
| Size: |
4096
|
|
|
2D8B0102000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B0102000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B0102000
|
| Size: |
172032
|
|
|
7FF7C7F30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2546876785.00007FF7C7F30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F30000
|
| Size: |
8192
|
|
|
95A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3770677087.00000000095A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
95A6000
|
| Size: |
1785856
|
|
|
1EDBC149000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2490463019.000001EDBC149000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC149000
|
| Size: |
81920
|
|
|
7FF7C7F5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2030441241.00007FF7C7F5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F5E000
|
| Size: |
8192
|
|
|
1C6F5EDA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3070529625.000001C6F5EDA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F5EDA000
|
| Size: |
16384
|
|
|
7FF7C7F50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2548846306.00007FF7C7F50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F50000
|
| Size: |
32768
|
|
|
1C6F6082000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3074886049.000001C6F6082000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F6082000
|
| Size: |
102400
|
|
|
2054CB03000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1678309160.000002054CB03000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CB03000
|
| Size: |
4096
|
|
|
1C6F6200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3107676840.000001C6F6200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F6200000
|
| Size: |
16384
|
|
|
4F4000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288238664.00000000004F4000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F4000
|
| Size: |
49152
|
|
|
E261DF9000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1777095722.000000E261DF9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E261DF9000
|
| Size: |
28672
|
|
|
53EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329375225.00000000053EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
53EF000
|
| Size: |
4096
|
|
|
3550000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3757600723.0000000003550000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3550000
|
| Size: |
4096
|
|
|
1600000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3747081259.0000000001600000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1600000
|
| Size: |
36864
|
|
|
7FF7C7E50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2024543540.00007FF7C7E50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E50000
|
| Size: |
65536
|
|
|
7FF7C7F33000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2546876785.00007FF7C7F33000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F33000
|
| Size: |
53248
|
|
|
2D8C73E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1965851321.000002D8C73E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C73E8000
|
| Size: |
86016
|
|
|
7FF7C7B53000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1695642729.00007FF7C7B53000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B53000
|
| Size: |
4096
|
|
|
2F3B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1324283296.0000000002F3B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3B000
|
| Size: |
159744
|
|
|
2D8AD5C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1793025992.000002D8AD5C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD5C5000
|
| Size: |
40960
|
|
|
2E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328243877.0000000002E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E00000
|
| Size: |
16384
|
|
|
1414000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3746884436.0000000001414000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1414000
|
| Size: |
4096
|
|
|
2054CB93000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1681709010.000002054CB93000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CB93000
|
| Size: |
151552
|
|
|
5476000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326593298.0000000005476000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5476000
|
| Size: |
4096
|
|
|
6C81BB7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1487673811.0000006C81BB7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C81BB7000
|
| Size: |
36864
|
|
|
2F5F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320974043.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F5F000
|
| Size: |
12288
|
|
|
9236000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3770529562.0000000009236000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9236000
|
| Size: |
12288
|
|
|
7FF7C7FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3160036649.00007FF7C7FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FB0000
|
| Size: |
65536
|
|
|
987937A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2089326376.000000987937A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
987937A000
|
| Size: |
24576
|
|
|
987A3CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2097919374.000000987A3CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
987A3CC000
|
| Size: |
16384
|
|
|
30AF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329028863.00000000030AF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
30AF000
|
| Size: |
4096
|
|
|
2053525A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.000002053525A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2053525A000
|
| Size: |
61440
|
|
|
7FF7C7B74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290429668.00007FF7C7B74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B74000
|
| Size: |
4096
|
|
|
13AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3746328852.00000000013AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13AF000
|
| Size: |
8192
|
|
|
2D8C7471000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1968772865.000002D8C7471000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C7471000
|
| Size: |
4096
|
|
|
20532B95000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1492172890.0000020532B95000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532B95000
|
| Size: |
4096
|
|
|
7FF7C7B60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3113001912.00007FF7C7B60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B60000
|
| Size: |
40960
|
|
|
7DF44DC60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2006326372.00007DF44DC60000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7DF44DC60000
|
| Size: |
4096
|
|
|
7FF7C7EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2546104479.00007FF7C7EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EC0000
|
| Size: |
16384
|
|
|
7FF7C7EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2028930716.00007FF7C7EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EE0000
|
| Size: |
45056
|
|
|
2FA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1325666777.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
16384
|
|
|
4C9F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3762922519.0000000004C9F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C9F000
|
| Size: |
151552
|
|
|
1EDB3D5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2407013057.000001EDB3D5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDB3D5E000
|
| Size: |
12288
|
|
|
7FF7C7ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3155244180.00007FF7C7ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7ED0000
|
| Size: |
16384
|
|
|
7FF7C7D40000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2013858217.00007FF7C7D40000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7D40000
|
| Size: |
45056
|
|
|
2F31000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1325697097.0000000002F31000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F31000
|
| Size: |
40960
|
|
|
1EDBC020000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2484184888.000001EDBC020000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDBC020000
|
| Size: |
4096
|
|
|
1C6DC0D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2644089943.000001C6DC0D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DC0D0000
|
| Size: |
12288
|
|
|
3310000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3755240784.0000000003310000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3310000
|
| Size: |
4096
|
|
|
20536029000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020536029000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20536029000
|
| Size: |
401408
|
|
|
7FF7C7D01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1704216598.00007FF7C7D01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D01000
|
| Size: |
32768
|
|
|
205329F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1491245996.00000205329F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
205329F0000
|
| Size: |
4096
|
|
|
1650000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3753297374.0000000001650000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1650000
|
| Size: |
8192
|
|
|
13511000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3759280163.0000000013511000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13511000
|
| Size: |
4096
|
|
|
7FF7C7EA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3152189528.00007FF7C7EA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EA0000
|
| Size: |
4096
|
|
|
7FF7C7FA3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2031481804.00007FF7C7FA3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FA3000
|
| Size: |
53248
|
|
|
2D8C73B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1965851321.000002D8C73B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C73B0000
|
| Size: |
28672
|
|
|
7FF7C7C56000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1290757786.00007FF7C7C56000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C56000
|
| Size: |
4096
|
|
|
7FF4109C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1290381676.00007FF4109C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF4109C0000
|
| Size: |
4096
|
|
|
2F9F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326388217.0000000002F9F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F9F000
|
| Size: |
65536
|
|
|
66AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3768262363.00000000066AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
66AC000
|
| Size: |
16384
|
|
|
7FF7C7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1723120329.00007FF7C7F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F80000
|
| Size: |
36864
|
|
|
7FF7C7E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3146586252.00007FF7C7E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E00000
|
| Size: |
65536
|
|
|
2D8AD210000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1781351248.000002D8AD210000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD210000
|
| Size: |
4096
|
|
|
6DF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289405008.00000000006DF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6DF000
|
| Size: |
135168
|
|
|
2054CAC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1678309160.000002054CAC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CAC0000
|
| Size: |
4096
|
|
|
1EDA1DA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2101804796.000001EDA1DA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1DA0000
|
| Size: |
4096
|
|
|
2053596A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.000002053596A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2053596A000
|
| Size: |
749568
|
|
|
681D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3768488859.000000000681D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
681D000
|
| Size: |
12288
|
|
|
7FF7C7B80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290496671.00007FF7C7B80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B80000
|
| Size: |
4096
|
|
|
63E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288603158.000000000063E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
63E000
|
| Size: |
12288
|
|
|
20532C49000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1492172890.0000020532C49000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532C49000
|
| Size: |
24576
|
|
|
1C6DBEE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2635434926.000001C6DBEE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DBEE0000
|
| Size: |
4096
|
|
|
7FF7C7EA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2543683726.00007FF7C7EA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EA2000
|
| Size: |
20480
|
|
|
7FF7C7D0A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3118293835.00007FF7C7D0A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D0A000
|
| Size: |
24576
|
|
|
2EF5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1319489260.0000000002EF5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EF5000
|
| Size: |
28672
|
|
|
5462000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1324230266.0000000005462000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5462000
|
| Size: |
20480
|
|
|
1C6DE984000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DE984000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DE984000
|
| Size: |
12288
|
|
|
7FF7C7F70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3157382072.00007FF7C7F70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F70000
|
| Size: |
65536
|
|
|
6AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289353954.00000000006AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6AE000
|
| Size: |
196608
|
|
|
7FF7C7DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3142363815.00007FF7C7DB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DB0000
|
| Size: |
65536
|
|
|
1C6DBE74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2635434926.000001C6DBE74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DBE74000
|
| Size: |
438272
|
|
|
1AE02000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289927682.000000001AE02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1AE02000
|
| Size: |
4096
|
|
|
1400000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3746625894.0000000001400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1400000
|
| Size: |
28672
|
|
|
2D8AD265000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1781379168.000002D8AD265000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD265000
|
| Size: |
4096
|
|
|
7FF7C7D80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3140657869.00007FF7C7D80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D80000
|
| Size: |
65536
|
|
|
98D3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3770677087.00000000098D3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
98D3000
|
| Size: |
1609728
|
|
|
1EDBBE02000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2478134299.000001EDBBE02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBBE02000
|
| Size: |
188416
|
|
|
7FF7C7E30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2023693049.00007FF7C7E30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E30000
|
| Size: |
65536
|
|
|
2D8B0E92000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B0E92000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B0E92000
|
| Size: |
16384
|
|
|
2D8C73FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1965851321.000002D8C73FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C73FE000
|
| Size: |
163840
|
|
|
1EDA1FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2115442395.000001EDA1FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA1FB0000
|
| Size: |
16384
|
|
|
2053608C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.000002053608C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2053608C000
|
| Size: |
376832
|
|
|
7FF7C7D10000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1705735783.00007FF7C7D10000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7D10000
|
| Size: |
24576
|
|
|
6C82A8C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1490766914.0000006C82A8C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C82A8C000
|
| Size: |
16384
|
|
|
2D8B08D9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B08D9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B08D9000
|
| Size: |
147456
|
|
|
1C6DBE35000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2635434926.000001C6DBE35000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DBE35000
|
| Size: |
20480
|
|
|
1EDA51F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA51F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA51F5000
|
| Size: |
929792
|
|
|
1EDA4A0D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA4A0D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA4A0D000
|
| Size: |
401408
|
|
|
2D8AD410000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1790141179.000002D8AD410000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD410000
|
| Size: |
8192
|
|
|
1EDBC1FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2497096726.000001EDBC1FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC1FE000
|
| Size: |
20480
|
|
|
7FF7C7C20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290688898.00007FF7C7C20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7C20000
|
| Size: |
4096
|
|
|
7FF7C7B53000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3111507423.00007FF7C7B53000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B53000
|
| Size: |
4096
|
|
|
E261D7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1777051716.000000E261D7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E261D7E000
|
| Size: |
8192
|
|
|
20532B93000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1492172890.0000020532B93000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532B93000
|
| Size: |
4096
|
|
|
5467000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326667442.0000000005467000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5467000
|
| Size: |
16384
|
|
|
560000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288292102.0000000000560000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
560000
|
| Size: |
4096
|
|
|
1C6DEDE1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DEDE1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DEDE1000
|
| Size: |
3940352
|
|
|
7FF7C7FAD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3158876288.00007FF7C7FAD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FAD000
|
| Size: |
12288
|
|
|
7FF7C7FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3160744102.00007FF7C7FD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FD0000
|
| Size: |
65536
|
|
|
7DF400A80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2520840543.00007DF400A80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7DF400A80000
|
| Size: |
4096
|
|
|
1EDA4C81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA4C81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA4C81000
|
| Size: |
598016
|
|
|
1F312950000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.3179217093.000001F312950000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F312950000
|
| Size: |
4096
|
|
|
613000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288502729.0000000000613000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
613000
|
| Size: |
40960
|
|
|
987A44E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2098391163.000000987A44E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
987A44E000
|
| Size: |
8192
|
|
|
7FF7C7F60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2030574764.00007FF7C7F60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F60000
|
| Size: |
32768
|
|
|
7FF7C7EA9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1719660774.00007FF7C7EA9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EA9000
|
| Size: |
28672
|
|
|
7FF7C7C30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1290736294.00007FF7C7C30000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C30000
|
| Size: |
4096
|
|
|
7FF7C7B5D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3112455190.00007FF7C7B5D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B5D000
|
| Size: |
12288
|
|
|
7FF7C7EAC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2543683726.00007FF7C7EAC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EAC000
|
| Size: |
8192
|
|
|
7FF7C7C60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2525881899.00007FF7C7C60000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C60000
|
| Size: |
53248
|
|
|
FC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3745231516.0000000000FC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FC0000
|
| Size: |
4096
|
|
|
2D8AF060000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1797092354.000002D8AF060000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2D8AF060000
|
| Size: |
4096
|
|
|
2F09000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326908083.0000000002F09000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F09000
|
| Size: |
155648
|
|
|
2D8AD4B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1790829733.000002D8AD4B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AD4B0000
|
| Size: |
4096
|
|
|
643000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288603158.0000000000643000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
643000
|
| Size: |
12288
|
|
|
2D8BF091000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1939056324.000002D8BF091000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8BF091000
|
| Size: |
8192
|
|
|
6C8197E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1473503163.0000006C8197E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C8197E000
|
| Size: |
8192
|
|
|
1EDBBE4B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2480009665.000001EDBBE4B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBBE4B000
|
| Size: |
212992
|
|
|
1EDBBE80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2481823595.000001EDBBE80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBBE80000
|
| Size: |
45056
|
|
|
2F2D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1324805856.0000000002F2D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F2D000
|
| Size: |
57344
|
|
|
1C6F6077000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3074886049.000001C6F6077000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F6077000
|
| Size: |
16384
|
|
|
1EDBC15E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2490463019.000001EDBC15E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC15E000
|
| Size: |
4096
|
|
|
2D8B000F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B000F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B000F000
|
| Size: |
393216
|
|
|
7FF7C7B54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1695783970.00007FF7C7B54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B54000
|
| Size: |
36864
|
|
|
1C6DE990000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DE990000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DE990000
|
| Size: |
12288
|
|
|
2D8AD450000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1790365174.000002D8AD450000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD450000
|
| Size: |
4096
|
|
|
2D8BF35D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1939056324.000002D8BF35D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8BF35D000
|
| Size: |
12288
|
|
|
1C6DE994000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DE994000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DE994000
|
| Size: |
16384
|
|
|
7FF7C7EBC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3153445058.00007FF7C7EBC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EBC000
|
| Size: |
8192
|
|
|
7FF7C7DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2533920691.00007FF7C7DB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DB0000
|
| Size: |
65536
|
|
|
1EDA4DA9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA4DA9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA4DA9000
|
| Size: |
376832
|
|
|
7FF7C7DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2018106899.00007FF7C7DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DA0000
|
| Size: |
65536
|
|
|
7FF7C7B50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2006410856.00007FF7C7B50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B50000
|
| Size: |
4096
|
|
|
B02000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289562551.0000000000B02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B02000
|
| Size: |
4096
|
|
|
7FF7C7DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2533614572.00007FF7C7DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DA0000
|
| Size: |
65536
|
|
|
7FF7C7E40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2024037622.00007FF7C7E40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E40000
|
| Size: |
65536
|
|
|
7FF7C7B44000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2522701548.00007FF7C7B44000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B44000
|
| Size: |
36864
|
|
|
2D8AEF00000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1796045335.000002D8AEF00000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2D8AEF00000
|
| Size: |
20480
|
|
|
20544957000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1640036184.0000020544957000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20544957000
|
| Size: |
4096
|
|
|
160A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3747081259.000000000160A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
160A000
|
| Size: |
28672
|
|
|
2054CBE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1684617027.000002054CBE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CBE0000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1EDA4D14000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA4D14000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA4D14000
|
| Size: |
389120
|
|
|
1C6DDA10000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.2648828384.000001C6DDA10000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1C6DDA10000
|
| Size: |
4096
|
|
|
2D8AD520000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1791958811.000002D8AD520000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AD520000
|
| Size: |
4096
|
|
|
16B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3753963796.00000000016B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16B4000
|
| Size: |
12288
|
|
|
7FF7C7E50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2541848815.00007FF7C7E50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E50000
|
| Size: |
61440
|
|
|
98797FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2093665591.00000098797FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98797FE000
|
| Size: |
8192
|
|
|
1380000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3746110469.0000000001380000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1380000
|
| Size: |
4096
|
|
|
7FF7C7EA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3152189528.00007FF7C7EA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EA4000
|
| Size: |
4096
|
|
|
1EDA1FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2116450777.000001EDA1FD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA1FD0000
|
| Size: |
4096
|
|
|
1C6EDA21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3009291109.000001C6EDA21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6EDA21000
|
| Size: |
77824
|
|
|
1C6DDBA7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DDBA7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DDBA7000
|
| Size: |
630784
|
|
|
1C6EDD11000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3009291109.000001C6EDD11000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6EDD11000
|
| Size: |
8192
|
|
|
1C6DBFE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2641755167.000001C6DBFE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DBFE0000
|
| Size: |
16384
|
|
|
7FF7C7F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2029509247.00007FF7C7F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F40000
|
| Size: |
65536
|
|
|
A02000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289535737.0000000000A02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A02000
|
| Size: |
24576
|
|
|
20534450000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.1494994904.0000020534450000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
20534450000
|
| Size: |
4096
|
|
|
1EDBC0D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2485277300.000001EDBC0D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC0D7000
|
| Size: |
8192
|
|
|
20534465000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495109109.0000020534465000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20534465000
|
| Size: |
24576
|
|
|
C806689000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.3178237735.000000C806689000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C806689000
|
| Size: |
28672
|
|
|
1EDA5300000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA5300000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA5300000
|
| Size: |
401408
|
|
|
7FF7C7D10000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2528197114.00007FF7C7D10000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7D10000
|
| Size: |
24576
|
|
|
2EF8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328625688.0000000002EF8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EF8000
|
| Size: |
28672
|
|
|
2CEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328036773.0000000002CEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CEE000
|
| Size: |
8192
|
|
|
7FF7C7BAC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2007673211.00007FF7C7BAC000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7BAC000
|
| Size: |
4096
|
|
|
987A4CB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2099043095.000000987A4CB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
987A4CB000
|
| Size: |
20480
|
|
|
1C6F6104000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3079674584.000001C6F6104000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F6104000
|
| Size: |
167936
|
|
|
7FF7C7B82000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290496671.00007FF7C7B82000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B82000
|
| Size: |
4096
|
|
|
7FF7C7E30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1715672097.00007FF7C7E30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E30000
|
| Size: |
65536
|
|
|
3540000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3757009354.0000000003540000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3540000
|
| Size: |
4096
|
|
|
7FF7C7D38000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3119864129.00007FF7C7D38000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D38000
|
| Size: |
4096
|
|
|
1C6DF823000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DF823000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DF823000
|
| Size: |
114688
|
|
|
2EB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328391918.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EB0000
|
| Size: |
36864
|
|
|
1C6DF842000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DF842000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DF842000
|
| Size: |
16384
|
|
|
7FF7C7C36000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3765323903.00007FF7C7C36000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C36000
|
| Size: |
4096
|
|
|
7FF7C7EB5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3153445058.00007FF7C7EB5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EB5000
|
| Size: |
4096
|
|
|
2F2E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1319572714.0000000002F2E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F2E000
|
| Size: |
61440
|
|
|
1C6F5E30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3065269461.000001C6F5E30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F5E30000
|
| Size: |
184320
|
|
|
20544952000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1640036184.0000020544952000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20544952000
|
| Size: |
12288
|
|
|
7FF7C7DF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2537282140.00007FF7C7DF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DF0000
|
| Size: |
65536
|
|
|
3552000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3757692235.0000000003552000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3552000
|
| Size: |
4096
|
|
|
547F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327595080.000000000547F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
547F000
|
| Size: |
8192
|
|
|
7FF7C7DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3141644698.00007FF7C7DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DA0000
|
| Size: |
65536
|
|
|
1C6EDCEF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3009291109.000001C6EDCEF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6EDCEF000
|
| Size: |
69632
|
|
|
2D8AD228000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1781379168.000002D8AD228000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD228000
|
| Size: |
208896
|
|
|
7FF7C7B7D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1290454013.00007FF7C7B7D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B7D000
|
| Size: |
8192
|
|
|
B38607000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2631679593.0000000B38607000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B38607000
|
| Size: |
36864
|
|
|
637000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288566954.0000000000637000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
637000
|
| Size: |
24576
|
|
|
7FF7C7D22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2528643129.00007FF7C7D22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D22000
|
| Size: |
4096
|
|
|
7FF7C7DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2535782617.00007FF7C7DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DE0000
|
| Size: |
65536
|
|
|
7FF7C7B60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3764425277.00007FF7C7B60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B60000
|
| Size: |
4096
|
|
|
7FF7C7F70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2550270679.00007FF7C7F70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7F70000
|
| Size: |
4096
|
|
|
13F0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3746554785.00000000013F0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
13F0000
|
| Size: |
4096
|
|
|
7FF7C7C0C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1701797836.00007FF7C7C0C000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C0C000
|
| Size: |
61440
|
|
|
7FF7C7C70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3765371212.00007FF7C7C70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C70000
|
| Size: |
16384
|
|
|
19D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3754686883.00000000019D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
19D5000
|
| Size: |
20480
|
|
|
94B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327948769.000000000094B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
94B000
|
| Size: |
20480
|
|
|
1B12000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3755267712.0000000001B12000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B12000
|
| Size: |
4096
|
|
|
2F09000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1319619189.0000000002F09000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F09000
|
| Size: |
151552
|
|
|
1EDBC0DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2485277300.000001EDBC0DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC0DB000
|
| Size: |
8192
|
|
|
2D8BF313000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1939056324.000002D8BF313000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8BF313000
|
| Size: |
286720
|
|
|
20532B99000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1492172890.0000020532B99000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532B99000
|
| Size: |
4096
|
|
|
B3858E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2631194785.0000000B3858E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3858E000
|
| Size: |
8192
|
|
|
1EDA1D90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2101008621.000001EDA1D90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1D90000
|
| Size: |
12288
|
|
|
7FF7C7FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1724672911.00007FF7C7FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FC0000
|
| Size: |
65536
|
|
|
1C6DC000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2641872337.000001C6DC000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DC000000
|
| Size: |
12288
|
|
|
E261FBC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1777327660.000000E261FBC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E261FBC000
|
| Size: |
16384
|
|
|
7FF7C7DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1713473144.00007FF7C7DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DE0000
|
| Size: |
65536
|
|
|
2D8BF0A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1939056324.000002D8BF0A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8BF0A1000
|
| Size: |
253952
|
|
|
1F312AF5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.3179329660.000001F312AF5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F312AF5000
|
| Size: |
12288
|
|
|
B3850C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2630808804.0000000B3850C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3850C000
|
| Size: |
16384
|
|
|
6E9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3769285818.0000000006E9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6E9D000
|
| Size: |
12288
|
|
|
2E05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328243877.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E05000
|
| Size: |
12288
|
|
|
13E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3746476629.00000000013E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E0000
|
| Size: |
4096
|
|
|
2F0A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1325976576.0000000002F0A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F0A000
|
| Size: |
86016
|
|
|
2D8BF080000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1939056324.000002D8BF080000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8BF080000
|
| Size: |
16384
|
|
|
205365C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.00000205365C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
205365C1000
|
| Size: |
49152
|
|
|
1C6DC010000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2643220685.000001C6DC010000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DC010000
|
| Size: |
4096
|
|
|
4C8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329213688.0000000004C8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C8E000
|
| Size: |
8192
|
|
|
6C819F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1483952323.0000006C819F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C819F7000
|
| Size: |
36864
|
|
|
5C40000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3766325316.0000000005C40000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5C40000
|
| Size: |
12288
|
|
|
20544901000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1640036184.0000020544901000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20544901000
|
| Size: |
315392
|
|
|
3557000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3758125598.0000000003557000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3557000
|
| Size: |
4096
|
|
|
5461000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1324978614.0000000005461000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5461000
|
| Size: |
4096
|
|
|
7FF7C7C06000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1700881048.00007FF7C7C06000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7C06000
|
| Size: |
24576
|
|
|
2054CE99000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1686781867.000002054CE99000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CE99000
|
| Size: |
303104
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1EDBC0D3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2485277300.000001EDBC0D3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC0D3000
|
| Size: |
4096
|
|
|
7FF7C7FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3158876288.00007FF7C7FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FA0000
|
| Size: |
4096
|
|
|
1C020000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3760370241.000000001C020000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C020000
|
| Size: |
8192
|
|
|
2F20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320734189.0000000002F20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F20000
|
| Size: |
49152
|
|
|
2D8AD220000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1781379168.000002D8AD220000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD220000
|
| Size: |
28672
|
|
|
7FF7C7BFC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2524754216.00007FF7C7BFC000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7BFC000
|
| Size: |
61440
|
|
|
1EDBC11F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2488231111.000001EDBC11F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC11F000
|
| Size: |
167936
|
|
|
6C81C3D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1487711851.0000006C81C3D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C81C3D000
|
| Size: |
12288
|
|
|
1EDA4B03000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA4B03000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA4B03000
|
| Size: |
176128
|
|
|
1C6F619F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3104657235.000001C6F619F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F619F000
|
| Size: |
8192
|
|
|
7FF7C7E70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2025205251.00007FF7C7E70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E70000
|
| Size: |
16384
|
|
|
180000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1279253029.0000000000180000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
180000
|
| Size: |
4096
|
|
|
2D8C7459000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1968772865.000002D8C7459000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C7459000
|
| Size: |
4096
|
|
|
1C8FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290304762.000000001C8FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1C8FE000
|
| Size: |
8192
|
|
|
16A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3753168021.00000000016A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16A5000
|
| Size: |
32768
|
|
|
2D8AF0E3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8AF0E3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AF0E3000
|
| Size: |
1761280
|
|
|
7FF7C7F4C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2547965749.00007FF7C7F4C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F4C000
|
| Size: |
16384
|
|
|
6C81F3B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1489539747.0000006C81F3B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C81F3B000
|
| Size: |
20480
|
|
|
2054CE8D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1686781867.000002054CE8D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CE8D000
|
| Size: |
8192
|
|
|
7FF7C7B6B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2006979691.00007FF7C7B6B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B6B000
|
| Size: |
4096
|
|
|
B374F9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2625925535.0000000B374F9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B374F9000
|
| Size: |
28672
|
|
|
2F2C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320534996.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F2C000
|
| Size: |
8192
|
|
|
1EDA5873000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA5873000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA5873000
|
| Size: |
118784
|
|
|
570000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288308336.0000000000570000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
570000
|
| Size: |
4096
|
|
|
6C8156F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1469441482.0000006C8156F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C8156F000
|
| Size: |
4096
|
|
|
1EDA3A60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127753364.000001EDA3A60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA3A60000
|
| Size: |
4096
|
|
|
12F4000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3745533341.00000000012F4000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12F4000
|
| Size: |
49152
|
|
|
E262D0C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1778396509.000000E262D0C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E262D0C000
|
| Size: |
16384
|
|
|
1EDA4C48000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA4C48000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA4C48000
|
| Size: |
229376
|
|
|
5DF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3766915147.0000000005DF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5DF0000
|
| Size: |
24576
|
|
|
7FF7C7FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2552473313.00007FF7C7FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FC0000
|
| Size: |
65536
|
|
|
2D8AEFC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1796912056.000002D8AEFC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AEFC0000
|
| Size: |
4096
|
|
|
2F24000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327617812.0000000002F24000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F24000
|
| Size: |
32768
|
|
|
20535603000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020535603000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20535603000
|
| Size: |
4096
|
|
|
2F2F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326866992.0000000002F2F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F2F000
|
| Size: |
69632
|
|
|
7FF7C7D80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2016788195.00007FF7C7D80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D80000
|
| Size: |
65536
|
|
|
1C6DBD60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2633957091.000001C6DBD60000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DBD60000
|
| Size: |
4096
|
|
|
2F32000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328803446.0000000002F32000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F32000
|
| Size: |
36864
|
|
|
20535784000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020535784000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20535784000
|
| Size: |
745472
|
|
|
2D8AD261000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1781379168.000002D8AD261000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD261000
|
| Size: |
4096
|
|
|
5B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288327011.00000000005B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B0000
|
| Size: |
4096
|
|
|
2D8C74D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1993465506.000002D8C74D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C74D0000
|
| Size: |
36864
|
|
|
7FF7C7B5D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2006903818.00007FF7C7B5D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B5D000
|
| Size: |
12288
|
|
|
1C6F620B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3107676840.000001C6F620B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F620B000
|
| Size: |
8192
|
|
|
25A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289763928.00000000025A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25A1000
|
| Size: |
81920
|
|
|
20532BD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1492172890.0000020532BD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532BD5000
|
| Size: |
8192
|
|
|
B370E3000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2624917729.0000000B370E3000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B370E3000
|
| Size: |
53248
|
|
|
1C6F60A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3074886049.000001C6F60A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F60A1000
|
| Size: |
8192
|
|
|
1C400000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290091285.000000001C400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C400000
|
| Size: |
4096
|
|
|
2D8AD510000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1791384513.000002D8AD510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD510000
|
| Size: |
12288
|
|
|
20534440000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1494879981.0000020534440000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20534440000
|
| Size: |
4096
|
|
|
5471000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1322006274.0000000005471000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5471000
|
| Size: |
61440
|
|
|
5D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288353540.00000000005D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5D0000
|
| Size: |
4096
|
|
|
2CFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328036773.0000000002CFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CFE000
|
| Size: |
8192
|
|
|
7FF7C7B6B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3113001912.00007FF7C7B6B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B6B000
|
| Size: |
4096
|
|
|
7FF7C7DF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2021673293.00007FF7C7DF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DF0000
|
| Size: |
65536
|
|
|
7FF7C7C75000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3116817500.00007FF7C7C75000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C75000
|
| Size: |
32768
|
|
|
20532AF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1491896551.0000020532AF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532AF0000
|
| Size: |
16384
|
|
|
7FF7C7C2C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1290715974.00007FF7C7C2C000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C2C000
|
| Size: |
4096
|
|
|
7FF7C7EB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3153445058.00007FF7C7EB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EB2000
|
| Size: |
4096
|
|
|
7FF7C7EA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1719660774.00007FF7C7EA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EA4000
|
| Size: |
4096
|
|
|
7FF7C7E70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2542891346.00007FF7C7E70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E70000
|
| Size: |
4096
|
|
|
13518000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3759280163.0000000013518000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13518000
|
| Size: |
12288
|
|
|
7FF7C7E90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2543265895.00007FF7C7E90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E90000
|
| Size: |
4096
|
|
|
1EDBBEC0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2483398191.000001EDBBEC0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1EDBBEC0000
|
| Size: |
4096
|
|
|
20532AF5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1491896551.0000020532AF5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532AF5000
|
| Size: |
40960
|
|
|
5465000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1325862585.0000000005465000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5465000
|
| Size: |
8192
|
|
|
1C6F5EDF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3070529625.000001C6F5EDF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F5EDF000
|
| Size: |
253952
|
|
|
547C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326539704.000000000547C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
547C000
|
| Size: |
20480
|
|
|
7FF7C7ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2546667518.00007FF7C7ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7ED0000
|
| Size: |
36864
|
|
|
2053541E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.000002053541E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2053541E000
|
| Size: |
1957888
|
|
|
1C6DF289000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DF289000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DF289000
|
| Size: |
147456
|
|
|
7FF7C7E83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3151701241.00007FF7C7E83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E83000
|
| Size: |
28672
|
|
|
2D8AD515000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1791384513.000002D8AD515000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD515000
|
| Size: |
24576
|
|
|
2F0A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1325747230.0000000002F0A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F0A000
|
| Size: |
86016
|
|
|
1C6F6270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3109277492.000001C6F6270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6F6270000
|
| Size: |
4096
|
|
|
2F39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1321047426.0000000002F39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F39000
|
| Size: |
81920
|
|
|
7FF7C7FA6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3158876288.00007FF7C7FA6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FA6000
|
| Size: |
16384
|
|
|
2D8C7441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1968772865.000002D8C7441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C7441000
|
| Size: |
86016
|
|
|
7FF7C7EB5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2026850088.00007FF7C7EB5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EB5000
|
| Size: |
4096
|
|
|
2F3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328868565.0000000002F3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3E000
|
| Size: |
8192
|
|
|
7FF7C7EA9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3152189528.00007FF7C7EA9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EA9000
|
| Size: |
28672
|
|
|
7FF7C7EB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2026850088.00007FF7C7EB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EB2000
|
| Size: |
4096
|
|
|
7FF7C7F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2547965749.00007FF7C7F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F40000
|
| Size: |
4096
|
|
|
7FF7C7D38000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1707796391.00007FF7C7D38000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D38000
|
| Size: |
4096
|
|
|
2FA3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328974924.0000000002FA3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA3000
|
| Size: |
4096
|
|
|
9D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289489820.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D0000
|
| Size: |
4096
|
|
|
693000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289302516.0000000000693000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
693000
|
| Size: |
90112
|
|
|
801A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3769525709.000000000801A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
801A000
|
| Size: |
110592
|
|
|
20534570000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1495694618.0000020534570000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
20534570000
|
| Size: |
4096
|
|
|
2D8BF37B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1939056324.000002D8BF37B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8BF37B000
|
| Size: |
1769472
|
|
|
7FF7C7D90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2017555403.00007FF7C7D90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D90000
|
| Size: |
65536
|
|
|
1EDA4B2F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA4B2F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA4B2F000
|
| Size: |
393216
|
|
|
5465000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329454343.0000000005465000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5465000
|
| Size: |
8192
|
|
|
125A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289791378.00000000125A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
125A3000
|
| Size: |
8192
|
|
|
7FF7C7B8D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1290584184.00007FF7C7B8D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B8D000
|
| Size: |
4096
|
|
|
1740000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3754029623.0000000001740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1740000
|
| Size: |
12288
|
|
|
7FF7C7FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2031851381.00007FF7C7FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FB0000
|
| Size: |
8192
|
|
|
B37838000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2628029461.0000000B37838000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B37838000
|
| Size: |
32768
|
|
|
16C0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3753936882.00000000016C0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
16C0000
|
| Size: |
4096
|
|
|
1EDA1E64000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2102602162.000001EDA1E64000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1E64000
|
| Size: |
12288
|
|
|
1EDBC108000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2488231111.000001EDBC108000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC108000
|
| Size: |
32768
|
|
|
125A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289791378.00000000125A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
125A1000
|
| Size: |
4096
|
|
|
1EDA4B92000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA4B92000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA4B92000
|
| Size: |
733184
|
|
|
2F62000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1321882666.0000000002F62000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F62000
|
| Size: |
315392
|
|
|
1EDA53C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA53C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA53C2000
|
| Size: |
1368064
|
|
|
2CF4000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328036773.0000000002CF4000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CF4000
|
| Size: |
16384
|
|
|
2D8AD3F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1789442537.000002D8AD3F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD3F0000
|
| Size: |
16384
|
|
|
1EDA1DFE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2102602162.000001EDA1DFE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1DFE000
|
| Size: |
20480
|
|
|
194E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3754509410.000000000194E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
194E000
|
| Size: |
8192
|
|
|
6C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3769114695.0000000006C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C1E000
|
| Size: |
8192
|
|
|
6C8298E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1490422143.0000006C8298E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C8298E000
|
| Size: |
8192
|
|
|
3130000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329062934.0000000003130000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3130000
|
| Size: |
4096
|
|
|
7FF7C7E83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1719320971.00007FF7C7E83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E83000
|
| Size: |
28672
|
|
|
1C6F60DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3079674584.000001C6F60DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F60DB000
|
| Size: |
36864
|
|
|
2F4F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320869789.0000000002F4F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F4F000
|
| Size: |
24576
|
|
|
166F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3751228711.000000000166F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
166F000
|
| Size: |
131072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
1C6F61DF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3106369401.000001C6F61DF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F61DF000
|
| Size: |
49152
|
|
|
7FF7C7EB8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2026850088.00007FF7C7EB8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EB8000
|
| Size: |
4096
|
|
|
62A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288502729.000000000062A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62A000
|
| Size: |
8192
|
|
|
6C815EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1469588108.0000006C815EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C815EE000
|
| Size: |
8192
|
|
|
2054CF4D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1692305016.000002054CF4D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CF4D000
|
| Size: |
16384
|
|
|
1C6DE99D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DE99D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DE99D000
|
| Size: |
720896
|
|
|
981D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3770677087.000000000981D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
981D000
|
| Size: |
741376
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
2053526A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.000002053526A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2053526A000
|
| Size: |
1781760
|
|
|
2EF5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320869789.0000000002EF5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EF5000
|
| Size: |
8192
|
|
|
164E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3752943160.000000000164E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
164E000
|
| Size: |
8192
|
|
|
7FF7C7EBC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1720300954.00007FF7C7EBC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EBC000
|
| Size: |
8192
|
|
|
359E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3758394281.000000000359E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
359E000
|
| Size: |
8192
|
|
|
7FF7C7D80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2532625518.00007FF7C7D80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D80000
|
| Size: |
65536
|
|
|
3C4E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3759612410.0000000003C4E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C4E000
|
| Size: |
331776
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
1612000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3747716197.0000000001612000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1612000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
13B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3746328852.00000000013B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13B2000
|
| Size: |
69632
|
|
|
600C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3767872932.000000000600C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
600C000
|
| Size: |
16384
|
|
|
987947E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2089462449.000000987947E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
987947E000
|
| Size: |
8192
|
|
|
7FF7C7D78000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3140222499.00007FF7C7D78000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D78000
|
| Size: |
32768
|
|
|
13DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3746331723.00000000013DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13DE000
|
| Size: |
8192
|
|
|
3512000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3755689479.0000000003512000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3512000
|
| Size: |
8192
|
|
|
1C4C7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3763543870.000000001C4C7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1C4C7000
|
| Size: |
36864
|
|
|
7FF7C7EB8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3153445058.00007FF7C7EB8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EB8000
|
| Size: |
4096
|
|
|
7FF7C7C70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1702870466.00007FF7C7C70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C70000
|
| Size: |
53248
|
|
|
2054CD00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1685825282.000002054CD00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2054CD00000
|
| Size: |
4096
|
|
|
2D8BF071000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1939056324.000002D8BF071000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8BF071000
|
| Size: |
57344
|
|
|
13F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3746328852.00000000013F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F5000
|
| Size: |
294912
|
|
|
1C6F6030000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3074651061.000001C6F6030000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1C6F6030000
|
| Size: |
4096
|
|
|
98795F9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2090799101.00000098795F9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98795F9000
|
| Size: |
28672
|
|
|
546B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326539704.000000000546B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
546B000
|
| Size: |
49152
|
|
|
7FF7C7F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1723552371.00007FF7C7F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F90000
|
| Size: |
65536
|
|
|
1C6DEA54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DEA54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DEA54000
|
| Size: |
368640
|
|
|
1F312930000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.3179192443.000001F312930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F312930000
|
| Size: |
8192
|
|
|
1EDBBEF0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2483427458.000001EDBBEF0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1EDBBEF0000
|
| Size: |
20480
|
|
|
2F27000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320757075.0000000002F27000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F27000
|
| Size: |
20480
|
|
|
1C6F60AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3074886049.000001C6F60AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F60AD000
|
| Size: |
8192
|
|
|
E261EF9000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1777225496.000000E261EF9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E261EF9000
|
| Size: |
28672
|
|
|
7FF7C7D90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1710642985.00007FF7C7D90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D90000
|
| Size: |
65536
|
|
|
2D8B0313000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B0313000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B0313000
|
| Size: |
389120
|
|
|
1EDBC0EB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2488231111.000001EDBC0EB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC0EB000
|
| Size: |
106496
|
|
|
1C6DBEE2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2635434926.000001C6DBEE2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DBEE2000
|
| Size: |
53248
|
|
|
2D8C75B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1994370511.000002D8C75B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C75B0000
|
| Size: |
278528
|
|
|
98793FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2089424257.00000098793FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98793FF000
|
| Size: |
4096
|
|
|
1AF02000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1289955957.000000001AF02000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1AF02000
|
| Size: |
4096
|
|
|
1745000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3754029623.0000000001745000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1745000
|
| Size: |
8192
|
|
|
2FA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327127810.0000000002FA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA0000
|
| Size: |
16384
|
|
|
7FF7C7D10000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2013055545.00007FF7C7D10000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7D10000
|
| Size: |
24576
|
|
|
1EDA5363000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA5363000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA5363000
|
| Size: |
376832
|
|
|
B3870D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2632809036.0000000B3870D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3870D000
|
| Size: |
12288
|
|
|
1642000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3749611215.0000000001642000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1642000
|
| Size: |
102400
|
|
|
B37ABB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2629964086.0000000B37ABB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B37ABB000
|
| Size: |
20480
|
|
|
7FF7C7D70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3140222499.00007FF7C7D70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D70000
|
| Size: |
4096
|
|
|
2D8B042F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B042F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B042F000
|
| Size: |
3944448
|
|
|
B3757F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2626553832.0000000B3757F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3757F000
|
| Size: |
4096
|
|
|
13AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3746328852.00000000013AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13AD000
|
| Size: |
4096
|
|
|
1C6DEADD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DEADD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DEADD000
|
| Size: |
397312
|
|
|
5E20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3767376839.0000000005E20000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5E20000
|
| Size: |
40960
|
|
|
2D8BF36B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1939056324.000002D8BF36B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8BF36B000
|
| Size: |
4096
|
|
|
677000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289247183.0000000000677000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
677000
|
| Size: |
110592
|
|
|
2F3A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320575874.0000000002F3A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3A000
|
| Size: |
12288
|
|
|
3190000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329087370.0000000003190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3190000
|
| Size: |
16384
|
|
|
2F3C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1325697097.0000000002F3C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3C000
|
| Size: |
155648
|
|
|
2F2D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1321296730.0000000002F2D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F2D000
|
| Size: |
217088
|
|
|
E2622BB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1777864475.000000E2622BB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2622BB000
|
| Size: |
20480
|
|
|
7FF7C7C06000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3765170717.00007FF7C7C06000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7C06000
|
| Size: |
4096
|
|
|
7FF7C7E80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2025581368.00007FF7C7E80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E80000
|
| Size: |
4096
|
|
|
2F5F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326482525.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F5F000
|
| Size: |
167936
|
|
|
2054CEE4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1686781867.000002054CEE4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CEE4000
|
| Size: |
45056
|
|
|
7FF7C7B40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2521233522.00007FF7C7B40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B40000
|
| Size: |
4096
|
|
|
205343F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1493986581.00000205343F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
205343F0000
|
| Size: |
4096
|
|
|
5E10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3767044483.0000000005E10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E10000
|
| Size: |
65536
|
|
|
2F3D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1319547268.0000000002F3D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3D000
|
| Size: |
16384
|
|
|
5461000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327249539.0000000005461000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5461000
|
| Size: |
24576
|
|
|
FF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3745045677.0000000000FF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FF0000
|
| Size: |
4096
|
|
|
6ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3768935913.0000000006ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6ADE000
|
| Size: |
8192
|
|
|
7FF7C7DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3143453094.00007FF7C7DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DD0000
|
| Size: |
65536
|
|
|
987A64E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2100090807.000000987A64E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
987A64E000
|
| Size: |
8192
|
|
|
5474000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326667442.0000000005474000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5474000
|
| Size: |
8192
|
|
|
1EDA4E31000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA4E31000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA4E31000
|
| Size: |
3940352
|
|
|
69DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3768871051.00000000069DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
69DE000
|
| Size: |
8192
|
|
|
689D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3768684458.000000000689D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
689D000
|
| Size: |
12288
|
|
|
1EDBC0E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2485277300.000001EDBC0E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC0E5000
|
| Size: |
20480
|
|
|
1C6EDA8B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3009291109.000001C6EDA8B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6EDA8B000
|
| Size: |
2498560
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FF7C7F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2031072772.00007FF7C7F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F90000
|
| Size: |
65536
|
|
|
C80678F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.3178551919.000000C80678F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C80678F000
|
| Size: |
4096
|
|
|
547C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1323569633.000000000547C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
547C000
|
| Size: |
8192
|
|
|
1EDBC1D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2495356228.000001EDBC1D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC1D8000
|
| Size: |
4096
|
|
|
1EDB3CB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2407013057.000001EDB3CB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDB3CB2000
|
| Size: |
659456
|
|
|
13F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3746328852.00000000013F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F1000
|
| Size: |
12288
|
|
|
7FF7C7DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1711079729.00007FF7C7DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DA0000
|
| Size: |
65536
|
|
|
2D8C76E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1999733554.000002D8C76E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C76E8000
|
| Size: |
36864
|
|
|
9878FEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2089040436.0000009878FEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9878FEE000
|
| Size: |
8192
|
|
|
2D8AD25D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1781379168.000002D8AD25D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD25D000
|
| Size: |
4096
|
|
|
2054CB05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1678309160.000002054CB05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CB05000
|
| Size: |
221184
|
|
|
7FF7C7D40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2530293263.00007FF7C7D40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D40000
|
| Size: |
65536
|
|
|
6C82A09000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1490663925.0000006C82A09000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C82A09000
|
| Size: |
28672
|
|
|
600000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288421532.0000000000600000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
600000
|
| Size: |
40960
|
|
|
1C6F61EC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3106369401.000001C6F61EC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F61EC000
|
| Size: |
32768
|
|
|
7FF7C7C36000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2009037618.00007FF7C7C36000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C36000
|
| Size: |
86016
|
|
|
7FF7C7B5B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2523698483.00007FF7C7B5B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B5B000
|
| Size: |
4096
|
|
|
98796F9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2092418305.00000098796F9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98796F9000
|
| Size: |
28672
|
|
|
1EDB3A91000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2407013057.000001EDB3A91000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDB3A91000
|
| Size: |
8192
|
|
|
1EDA5512000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA5512000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA5512000
|
| Size: |
3387392
|
|
|
1EDA1D50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2100739488.000001EDA1D50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1D50000
|
| Size: |
8192
|
|
|
2EFF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1325747230.0000000002EFF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EFF000
|
| Size: |
4096
|
|
|
1EDA1E69000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2102602162.000001EDA1E69000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1E69000
|
| Size: |
483328
|
|
|
2D8AD27D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1781379168.000002D8AD27D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD27D000
|
| Size: |
16384
|
|
|
6C8290E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1490076273.0000006C8290E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C8290E000
|
| Size: |
8192
|
|
|
7FF7C7ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1721160496.00007FF7C7ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7ED0000
|
| Size: |
65536
|
|
|
2D8AD550000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1791958811.000002D8AD550000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AD550000
|
| Size: |
12288
|
|
|
652000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289247183.0000000000652000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
652000
|
| Size: |
4096
|
|
|
97E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3770677087.00000000097E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
97E1000
|
| Size: |
237568
|
|
|
7FF7C7D60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2014747754.00007FF7C7D60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D60000
|
| Size: |
65536
|
|
|
1C6DBDF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2634331857.000001C6DBDF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DBDF0000
|
| Size: |
28672
|
|
|
E26213E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1777505940.000000E26213E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E26213E000
|
| Size: |
8192
|
|
|
2EFF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327639400.0000000002EFF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EFF000
|
| Size: |
8192
|
|
|
1EDA2020000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2118802621.000001EDA2020000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA2020000
|
| Size: |
12288
|
|
|
7FF7C7BF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2524461667.00007FF7C7BF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7BF0000
|
| Size: |
8192
|
|
|
20532B8D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1492172890.0000020532B8D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532B8D000
|
| Size: |
4096
|
|
|
7FF7C7D70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2015494228.00007FF7C7D70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D70000
|
| Size: |
65536
|
|
|
7FF7C7D32000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1707796391.00007FF7C7D32000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D32000
|
| Size: |
4096
|
|
|
20544961000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1640036184.0000020544961000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20544961000
|
| Size: |
1765376
|
|
|
2D8AD490000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1790578888.000002D8AD490000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AD490000
|
| Size: |
16384
|
|
|
7FF7C7D34000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2013376397.00007FF7C7D34000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D34000
|
| Size: |
12288
|
|
|
2D8AD263000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1781379168.000002D8AD263000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD263000
|
| Size: |
4096
|
|
|
7FF7C7BAC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1700290057.00007FF7C7BAC000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7BAC000
|
| Size: |
4096
|
|
|
7FF7C7B6B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1697515671.00007FF7C7B6B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B6B000
|
| Size: |
4096
|
|
|
7FF7C7D70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1709516794.00007FF7C7D70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D70000
|
| Size: |
65536
|
|
|
1C6F5E6E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3066707237.000001C6F5E6E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F5E6E000
|
| Size: |
86016
|
|
|
354A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3757295342.000000000354A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
354A000
|
| Size: |
4096
|
|
|
9F0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1289509741.00000000009F0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
9F0000
|
| Size: |
4096
|
|
|
6C81CBA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1487802499.0000006C81CBA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C81CBA000
|
| Size: |
24576
|
|
|
7FF7C7E50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3150312626.00007FF7C7E50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E50000
|
| Size: |
24576
|
|
|
1EDA4E06000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA4E06000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA4E06000
|
| Size: |
159744
|
|
|
38FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3759424607.00000000038FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38FE000
|
| Size: |
8192
|
|
|
1C6DE999000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DE999000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DE999000
|
| Size: |
12288
|
|
|
7FF7C7C06000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2008086253.00007FF7C7C06000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7C06000
|
| Size: |
24576
|
|
|
6C81A7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1485672901.0000006C81A7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C81A7D000
|
| Size: |
12288
|
|
|
20532BAD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1492172890.0000020532BAD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532BAD000
|
| Size: |
16384
|
|
|
7FF7C7EA9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2026046308.00007FF7C7EA9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EA9000
|
| Size: |
28672
|
|
|
7FF7C7D34000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1707796391.00007FF7C7D34000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D34000
|
| Size: |
12288
|
|
|
2054CEF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1691734198.000002054CEF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CEF1000
|
| Size: |
65536
|
|
|
329F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329142135.000000000329F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
329F000
|
| Size: |
4096
|
|
|
B378BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2628322491.0000000B378BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B378BE000
|
| Size: |
8192
|
|
|
7FF7C7FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1723814931.00007FF7C7FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FA0000
|
| Size: |
65536
|
|
|
1CAFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290359485.000000001CAFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1CAFE000
|
| Size: |
8192
|
|
|
1EDA1E1D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2102602162.000001EDA1E1D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1E1D000
|
| Size: |
4096
|
|
|
98798FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2095538907.00000098798FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98798FE000
|
| Size: |
8192
|
|
|
1C6F609D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3074886049.000001C6F609D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F609D000
|
| Size: |
4096
|
|
|
7FF7C7D10000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3119024602.00007FF7C7D10000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7D10000
|
| Size: |
4096
|
|
|
1C6F62E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3109370102.000001C6F62E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F62E0000
|
| Size: |
4096
|
|
|
E26194F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1776735902.000000E26194F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E26194F000
|
| Size: |
4096
|
|
|
2FA8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328991084.0000000002FA8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA8000
|
| Size: |
8192
|
|
|
1EDA1DF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2102602162.000001EDA1DF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1DF0000
|
| Size: |
53248
|
|
|
E261E7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1777191551.000000E261E7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E261E7E000
|
| Size: |
8192
|
|
|
7FF7C7D50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1709037848.00007FF7C7D50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D50000
|
| Size: |
65536
|
|
|
1F312AF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.3179329660.000001F312AF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F312AF0000
|
| Size: |
16384
|
|
|
E2618C2000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1776645635.000000E2618C2000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2618C2000
|
| Size: |
57344
|
|
|
2FA7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1324722912.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA7000
|
| Size: |
16384
|
|
|
20536577000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020536577000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20536577000
|
| Size: |
143360
|
|
|
1C6EDD22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3009291109.000001C6EDD22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6EDD22000
|
| Size: |
1769472
|
|
|
7FF7C7E40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3149760455.00007FF7C7E40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E40000
|
| Size: |
65536
|
|
|
1653000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3753297374.0000000001653000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1653000
|
| Size: |
53248
|
|
|
7FF7C7BAC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3114388217.00007FF7C7BAC000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7BAC000
|
| Size: |
4096
|
|
|
2F5F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320869789.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F5F000
|
| Size: |
12288
|
|
|
2F3B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327216777.0000000002F3B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3B000
|
| Size: |
20480
|
|
|
1336000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3745479143.0000000001336000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1336000
|
| Size: |
40960
|
|
|
1444000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3746328852.0000000001444000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1444000
|
| Size: |
61440
|
|
|
B38689000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2632170982.0000000B38689000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B38689000
|
| Size: |
28672
|
|
|
7FF7C7EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1721607116.00007FF7C7EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EE0000
|
| Size: |
36864
|
|
|
1C6DBE2A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2635434926.000001C6DBE2A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DBE2A000
|
| Size: |
8192
|
|
|
29E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328013323.00000000029E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29E0000
|
| Size: |
8192
|
|
|
1C6DF847000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DF847000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DF847000
|
| Size: |
53248
|
|
|
1C419000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290222508.000000001C419000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C419000
|
| Size: |
65536
|
|
|
19D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3754686883.00000000019D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
19D0000
|
| Size: |
12288
|
|
|
7FF7C7B62000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3764425277.00007FF7C7B62000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B62000
|
| Size: |
32768
|
|
|
7FF7C7B70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1699804168.00007FF7C7B70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B70000
|
| Size: |
4096
|
|
|
1C6EDD09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3009291109.000001C6EDD09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6EDD09000
|
| Size: |
16384
|
|
|
1C6F6050000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3074886049.000001C6F6050000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F6050000
|
| Size: |
155648
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1EDA47DC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA47DC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA47DC000
|
| Size: |
270336
|
|
|
9CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289460089.00000000009CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9CF000
|
| Size: |
4096
|
|
|
1C7FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290281369.000000001C7FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1C7FE000
|
| Size: |
8192
|
|
|
7FF7C7EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1720934987.00007FF7C7EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EC0000
|
| Size: |
40960
|
|
|
1C6DE473000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DE473000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DE473000
|
| Size: |
1712128
|
|
|
2F32000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320534996.0000000002F32000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F32000
|
| Size: |
12288
|
|
|
1EDBBE9E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2481823595.000001EDBBE9E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBBE9E000
|
| Size: |
69632
|
|
|
2F3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320575874.0000000002F3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3E000
|
| Size: |
12288
|
|
|
1C6DC120000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2644190220.000001C6DC120000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DC120000
|
| Size: |
16384
|
|
|
7FF7C7B73000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1290407523.00007FF7C7B73000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B73000
|
| Size: |
4096
|
|
|
1B540000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3760104167.000000001B540000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B540000
|
| Size: |
4096
|
|
|
2F2C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326939864.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F2C000
|
| Size: |
12288
|
|
|
1EDBC0B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2484420089.000001EDBC0B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC0B0000
|
| Size: |
73728
|
|
|
60B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288421532.000000000060B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
60B000
|
| Size: |
28672
|
|
|
2D8AFC76000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8AFC76000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AFC76000
|
| Size: |
1499136
|
|
|
13C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3746328852.00000000013C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C4000
|
| Size: |
4096
|
|
|
2F08000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1319508734.0000000002F08000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F08000
|
| Size: |
233472
|
|
|
2D8B0072000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B0072000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B0072000
|
| Size: |
176128
|
|
|
1C6DBDD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2634294617.000001C6DBDD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DBDD0000
|
| Size: |
4096
|
|
|
1C6DC030000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2643652053.000001C6DC030000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DC030000
|
| Size: |
65536
|
|
|
7FF7C7EA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1719660774.00007FF7C7EA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EA0000
|
| Size: |
4096
|
|
|
1C6DF371000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DF371000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DF371000
|
| Size: |
4763648
|
|
|
7FF7C7B5D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1696165327.00007FF7C7B5D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B5D000
|
| Size: |
12288
|
|
|
7FF7C7B43000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2522008741.00007FF7C7B43000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B43000
|
| Size: |
4096
|
|
|
1500000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3746996816.0000000001500000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1500000
|
| Size: |
8192
|
|
|
7FF7C7B50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3111225626.00007FF7C7B50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B50000
|
| Size: |
4096
|
|
|
7FF7C7E50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1716873835.00007FF7C7E50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E50000
|
| Size: |
65536
|
|
|
2D8C76DA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1999733554.000002D8C76DA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C76DA000
|
| Size: |
16384
|
|
|
2FA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1325618167.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA5000
|
| Size: |
8192
|
|
|
7FF7C7C06000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3115149303.00007FF7C7C06000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7C06000
|
| Size: |
24576
|
|
|
7FF7C7E40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2541507041.00007FF7C7E40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E40000
|
| Size: |
24576
|
|
|
97D3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3770677087.00000000097D3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
97D3000
|
| Size: |
49152
|
|
|
2F2A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1321167415.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F2A000
|
| Size: |
8192
|
|
|
1C6F5F50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3074024716.000001C6F5F50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F5F50000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5CDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3766760712.0000000005CDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5CDE000
|
| Size: |
8192
|
|
|
7FF7C7EBA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3153445058.00007FF7C7EBA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EBA000
|
| Size: |
4096
|
|
|
6F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3769398887.0000000006F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F9E000
|
| Size: |
8192
|
|
|
7FF7C7C0C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2008535566.00007FF7C7C0C000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C0C000
|
| Size: |
61440
|
|
|
6C8187E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1469677485.0000006C8187E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C8187E000
|
| Size: |
8192
|
|
|
2D8C7497000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1992618375.000002D8C7497000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C7497000
|
| Size: |
98304
|
|
|
52EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329324566.00000000052EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
52EF000
|
| Size: |
4096
|
|
|
550000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288273888.0000000000550000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
550000
|
| Size: |
4096
|
|
|
7FF7C7E10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1714912239.00007FF7C7E10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E10000
|
| Size: |
65536
|
|
|
1C6DEA4E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DEA4E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DEA4E000
|
| Size: |
20480
|
|
|
2F1B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320780169.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F1B000
|
| Size: |
20480
|
|
|
1C6DF1A4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DF1A4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DF1A4000
|
| Size: |
929792
|
|
|
1C404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290091285.000000001C404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C404000
|
| Size: |
65536
|
|
|
205344E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495577505.00000205344E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
205344E0000
|
| Size: |
65536
|
|
|
2F2C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320974043.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F2C000
|
| Size: |
135168
|
|
|
20534889000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020534889000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20534889000
|
| Size: |
2768896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FF7C7E80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3151617331.00007FF7C7E80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E80000
|
| Size: |
4096
|
|
|
7FF7C7E70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3151187605.00007FF7C7E70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E70000
|
| Size: |
16384
|
|
|
7FF7C7D20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1707451397.00007FF7C7D20000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7D20000
|
| Size: |
4096
|
|
|
1EDA3A71000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA3A71000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA3A71000
|
| Size: |
507904
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2054CDF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1686082470.000002054CDF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CDF0000
|
| Size: |
4096
|
|
|
1C6DEAB1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DEAB1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DEAB1000
|
| Size: |
176128
|
|
|
1EDBC0C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2485277300.000001EDBC0C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC0C3000
|
| Size: |
40960
|
|
|
7FF7C7E10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3147333890.00007FF7C7E10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E10000
|
| Size: |
65536
|
|
|
B3716F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2625431751.0000000B3716F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3716F000
|
| Size: |
4096
|
|
|
7FF7C7EA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2026046308.00007FF7C7EA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EA4000
|
| Size: |
4096
|
|
|
5ECC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3767610978.0000000005ECC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5ECC000
|
| Size: |
16384
|
|
|
1C6F60B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3074886049.000001C6F60B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F60B5000
|
| Size: |
8192
|
|
|
7FF7C7EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1720300954.00007FF7C7EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EB0000
|
| Size: |
28672
|
|
|
205356F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.00000205356F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
205356F5000
|
| Size: |
176128
|
|
|
1690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3752442007.0000000001690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1690000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
1BFD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3760370241.000000001BFD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1BFD0000
|
| Size: |
319488
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
E26223E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1777605803.000000E26223E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E26223E000
|
| Size: |
8192
|
|
|
B37A3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2629376340.0000000B37A3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B37A3F000
|
| Size: |
4096
|
|
|
2EFA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1321223153.0000000002EFA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EFA000
|
| Size: |
20480
|
|
|
352C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3756488720.000000000352C000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
352C000
|
| Size: |
4096
|
|
|
2F1D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327038830.0000000002F1D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F1D000
|
| Size: |
4096
|
|
|
1EDBC1DA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2495356228.000001EDBC1DA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC1DA000
|
| Size: |
28672
|
|
|
1C6DBD70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2634011815.000001C6DBD70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DBD70000
|
| Size: |
16384
|
|
|
7FF7C7D24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2528643129.00007FF7C7D24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D24000
|
| Size: |
12288
|
|
|
1C6DBD90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2634248949.000001C6DBD90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DBD90000
|
| Size: |
8192
|
|
|
1C6DED24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DED24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DED24000
|
| Size: |
753664
|
|
|
7FF7C7F9D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2550990555.00007FF7C7F9D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F9D000
|
| Size: |
12288
|
|
|
7FF7C7D38000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2013376397.00007FF7C7D38000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D38000
|
| Size: |
4096
|
|
|
1EDA5898000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA5898000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA5898000
|
| Size: |
49152
|
|
|
7DF4956C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1694855258.00007DF4956C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7DF4956C0000
|
| Size: |
4096
|
|
|
2D8AD2A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1781379168.000002D8AD2A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD2A4000
|
| Size: |
4096
|
|
|
E262F0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1780936174.000000E262F0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E262F0E000
|
| Size: |
8192
|
|
|
1C6F60A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3074886049.000001C6F60A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F60A5000
|
| Size: |
4096
|
|
|
1C6DDEED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DDEED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DDEED000
|
| Size: |
5787648
|
|
|
5E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288372802.00000000005E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5E0000
|
| Size: |
4096
|
|
|
7FF7C7DF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3145855722.00007FF7C7DF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DF0000
|
| Size: |
65536
|
|
|
20535909000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020535909000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20535909000
|
| Size: |
385024
|
|
|
7FF7C7E20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3148053352.00007FF7C7E20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E20000
|
| Size: |
65536
|
|
|
2D8C768A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1999733554.000002D8C768A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C768A000
|
| Size: |
319488
|
|
|
7FF7C7ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2028597991.00007FF7C7ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7ED0000
|
| Size: |
65536
|
|
|
B3793E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2628747700.0000000B3793E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3793E000
|
| Size: |
8192
|
|
|
2053583C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.000002053583C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2053583C000
|
| Size: |
229376
|
|
|
20532BD8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1492172890.0000020532BD8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532BD8000
|
| Size: |
344064
|
|
|
2D8AFC66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8AFC66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AFC66000
|
| Size: |
61440
|
|
|
2054CB8E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1681709010.000002054CB8E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CB8E000
|
| Size: |
16384
|
|
|
2F00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1325592774.0000000002F00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F00000
|
| Size: |
36864
|
|
|
987A5CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2099673888.000000987A5CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
987A5CC000
|
| Size: |
16384
|
|
|
98794F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2089749461.00000098794F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98794F7000
|
| Size: |
36864
|
|
|
B377B7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2627637162.0000000B377B7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B377B7000
|
| Size: |
36864
|
|
|
7FF7C7D10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290821915.00007FF7C7D10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D10000
|
| Size: |
4096
|
|
|
2FA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327171331.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA6000
|
| Size: |
16384
|
|
|
2D8BF0E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1939056324.000002D8BF0E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8BF0E4000
|
| Size: |
2285568
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
E2619CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1776766008.000000E2619CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2619CF000
|
| Size: |
4096
|
|
|
B376F9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2626954746.0000000B376F9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B376F9000
|
| Size: |
28672
|
|
|
699D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3768796199.000000000699D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
699D000
|
| Size: |
12288
|
|
|
1EDBBDCF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2459480490.000001EDBBDCF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBBDCF000
|
| Size: |
4096
|
|
|
1EDBBDB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2459480490.000001EDBBDB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBBDB0000
|
| Size: |
118784
|
|
|
7FF7C7BF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2524509460.00007FF7C7BF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7BF6000
|
| Size: |
24576
|
|
|
B3773F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2627496106.0000000B3773F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3773F000
|
| Size: |
4096
|
|
|
2EFC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1319446189.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EFC000
|
| Size: |
282624
|
|
|
1C6EDD04000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3009291109.000001C6EDD04000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6EDD04000
|
| Size: |
12288
|
|
|
205446D9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1640036184.00000205446D9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
205446D9000
|
| Size: |
2203648
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3196000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329087370.0000000003196000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3196000
|
| Size: |
36864
|
|
|
7DF400A90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2521058351.00007DF400A90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7DF400A90000
|
| Size: |
4096
|
|
|
1EDA1FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2118802621.000001EDA1FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA1FF0000
|
| Size: |
4096
|
|
|
2CFB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328036773.0000000002CFB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CFB000
|
| Size: |
4096
|
|
|
7FF7C7C10000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3765273782.00007FF7C7C10000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C10000
|
| Size: |
4096
|
|
|
7FF7C7E20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1715401705.00007FF7C7E20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E20000
|
| Size: |
65536
|
|
|
2D8AEF06000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1796045335.000002D8AEF06000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2D8AEF06000
|
| Size: |
16384
|
|
|
2EF6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327103028.0000000002EF6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EF6000
|
| Size: |
77824
|
|
|
19E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3754595817.00000000019E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
19E0000
|
| Size: |
4096
|
|
|
3550000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3755803408.0000000003550000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3550000
|
| Size: |
299008
|
|
|
5C80000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3766711854.0000000005C80000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
5C80000
|
| Size: |
4096
|
|
|
2EF5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1321328225.0000000002EF5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EF5000
|
| Size: |
20480
|
|
|
2D8AD2A9000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1781379168.000002D8AD2A9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD2A9000
|
| Size: |
315392
|
|
|
2F40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326388217.0000000002F40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F40000
|
| Size: |
294912
|
|
|
7FF7C7E80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1718965928.00007FF7C7E80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E80000
|
| Size: |
4096
|
|
|
7FF7C7EA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2543683726.00007FF7C7EA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EA0000
|
| Size: |
4096
|
|
|
7FF7C7B5D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3764090301.00007FF7C7B5D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B5D000
|
| Size: |
12288
|
|
|
2D8AFDE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8AFDE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AFDE6000
|
| Size: |
1949696
|
|
|
20534661000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020534661000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20534661000
|
| Size: |
536576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3769466698.0000000007000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7000000
|
| Size: |
8192
|
|
|
2D8B0962000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B0962000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B0962000
|
| Size: |
376832
|
|
|
98792FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2089247489.00000098792FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98792FE000
|
| Size: |
8192
|
|
|
9879676000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2091680463.0000009879676000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9879676000
|
| Size: |
40960
|
|
|
7FF7C7C00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3765116060.00007FF7C7C00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7C00000
|
| Size: |
4096
|
|
|
7FF7C7D80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1709935412.00007FF7C7D80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D80000
|
| Size: |
65536
|
|
|
1C6F5EA2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3066707237.000001C6F5EA2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F5EA2000
|
| Size: |
24576
|
|
|
2D8C770E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2004731239.000002D8C770E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C770E000
|
| Size: |
4096
|
|
|
7FF7C7B74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3764898509.00007FF7C7B74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B74000
|
| Size: |
4096
|
|
|
987A34E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2097371091.000000987A34E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
987A34E000
|
| Size: |
8192
|
|
|
2F35000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1319594293.0000000002F35000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F35000
|
| Size: |
32768
|
|
|
F1C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.1286724868.0000000000F1C000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
F1C000
|
| Size: |
65536
|
|
|
2FA8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1325618167.0000000002FA8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA8000
|
| Size: |
12288
|
|
|
1EDB3D66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2407013057.000001EDB3D66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDB3D66000
|
| Size: |
4096
|
|
|
2F9F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328932158.0000000002F9F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F9F000
|
| Size: |
4096
|
|
|
5DDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3766850495.0000000005DDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5DDE000
|
| Size: |
8192
|
|
|
2054CF0B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1691734198.000002054CF0B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CF0B000
|
| Size: |
4096
|
|
|
2D8AEE90000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1795762170.000002D8AEE90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AEE90000
|
| Size: |
4096
|
|
|
6C82B0C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1491029080.0000006C82B0C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C82B0C000
|
| Size: |
16384
|
|
|
B3767E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2626705562.0000000B3767E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3767E000
|
| Size: |
8192
|
|
|
7FF7C7B53000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2006579853.00007FF7C7B53000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B53000
|
| Size: |
4096
|
|
|
2F05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328647864.0000000002F05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F05000
|
| Size: |
98304
|
|
|
123A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3745246912.000000000123A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
123A000
|
| Size: |
24576
|
|
|
FE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3745344770.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FE0000
|
| Size: |
12288
|
|
|
5462000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327688045.0000000005462000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5462000
|
| Size: |
20480
|
|
|
7FF7C7C00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1700417710.00007FF7C7C00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7C00000
|
| Size: |
8192
|
|
|
2FA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326996692.0000000002FA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA4000
|
| Size: |
45056
|
|
|
1F312750000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.3178581082.000001F312750000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F312750000
|
| Size: |
4096
|
|
|
2054CE00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1686781867.000002054CE00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CE00000
|
| Size: |
188416
|
|
|
7FF7C7B54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2006641536.00007FF7C7B54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B54000
|
| Size: |
36864
|
|
|
2D8B012D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B012D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B012D000
|
| Size: |
397312
|
|
|
2EF5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327016249.0000000002EF5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EF5000
|
| Size: |
81920
|
|
|
7FF7C7F60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1722704633.00007FF7C7F60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F60000
|
| Size: |
65536
|
|
|
7FF7C7B6D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3764783534.00007FF7C7B6D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B6D000
|
| Size: |
4096
|
|
|
2D8AEF80000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1796843917.000002D8AEF80000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2D8AEF80000
|
| Size: |
4096
|
|
|
2D8AD2A6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1781379168.000002D8AD2A6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD2A6000
|
| Size: |
8192
|
|
|
1C9FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290337643.000000001C9FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1C9FB000
|
| Size: |
20480
|
|
|
20534650000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495843676.0000020534650000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20534650000
|
| Size: |
4096
|
|
|
2F22000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1321147292.0000000002F22000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F22000
|
| Size: |
40960
|
|
|
2FAA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327081443.0000000002FAA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FAA000
|
| Size: |
20480
|
|
|
7FF7C7C00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2007872410.00007FF7C7C00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7C00000
|
| Size: |
8192
|
|
|
2F2C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1324606677.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F2C000
|
| Size: |
61440
|
|
|
1C6FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290255859.000000001C6FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1C6FE000
|
| Size: |
8192
|
|
|
7FF7C7B9C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2524388769.00007FF7C7B9C000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B9C000
|
| Size: |
4096
|
|
|
685B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3768573438.000000000685B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
685B000
|
| Size: |
20480
|
|
|
20535F1D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020535F1D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20535F1D000
|
| Size: |
929792
|
|
|
1C6DDAA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DDAA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DDAA0000
|
| Size: |
1069056
|
|
|
20532AD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1491688425.0000020532AD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532AD0000
|
| Size: |
16384
|
|
|
7FF7C7D28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2528643129.00007FF7C7D28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D28000
|
| Size: |
4096
|
|
|
20534640000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1495797868.0000020534640000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
20534640000
|
| Size: |
20480
|
|
|
6C82B8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1491058286.0000006C82B8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C82B8E000
|
| Size: |
8192
|
|
|
1EDBBF20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2483861492.000001EDBBF20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBBF20000
|
| Size: |
28672
|
|
|
1C6DE7DC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DE7DC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DE7DC000
|
| Size: |
1728512
|
|
|
20535692000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020535692000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20535692000
|
| Size: |
393216
|
|
|
1C6DDC48000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DDC48000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DDC48000
|
| Size: |
2682880
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FF7C7FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2551591535.00007FF7C7FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FA0000
|
| Size: |
65536
|
|
|
2D8C7469000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1968772865.000002D8C7469000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C7469000
|
| Size: |
4096
|
|
|
20534420000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1494488422.0000020534420000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20534420000
|
| Size: |
16384
|
|
|
7FF7C7D20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3119226532.00007FF7C7D20000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7D20000
|
| Size: |
24576
|
|
|
1C6DBE14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2635434926.000001C6DBE14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DBE14000
|
| Size: |
86016
|
|
|
2D8B0E97000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B0E97000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B0E97000
|
| Size: |
49152
|
|
|
1EDA1E04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2102602162.000001EDA1E04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1E04000
|
| Size: |
90112
|
|
|
1EDA1D20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2100355403.000001EDA1D20000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1D20000
|
| Size: |
4096
|
|
|
1C6F5E20000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3063637167.000001C6F5E20000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1C6F5E20000
|
| Size: |
20480
|
|
|
7FF7C7D60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2531749454.00007FF7C7D60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D60000
|
| Size: |
65536
|
|
|
1C6F5F2B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3070529625.000001C6F5F2B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F5F2B000
|
| Size: |
16384
|
|
|
29D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1327984996.00000000029D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29D0000
|
| Size: |
4096
|
|
|
E261CFA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1776823012.000000E261CFA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E261CFA000
|
| Size: |
24576
|
|
|
3601000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3759131166.0000000003601000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
3601000
|
| Size: |
4096
|
|
|
7FF7C7BAC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3765015936.00007FF7C7BAC000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7BAC000
|
| Size: |
8192
|
|
|
702000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289405008.0000000000702000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
702000
|
| Size: |
16384
|
|
|
1C6DC020000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000015.00000002.2643578619.000001C6DC020000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
1C6DC020000
|
| Size: |
4096
|
|
|
2054CF29000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1692305016.000002054CF29000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CF29000
|
| Size: |
12288
|
|
|
7FF7C7DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3145088211.00007FF7C7DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DE0000
|
| Size: |
65536
|
|
|
7FF7C7F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1721976192.00007FF7C7F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F40000
|
| Size: |
65536
|
|
|
7FF7C7BCC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1290658853.00007FF7C7BCC000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7BCC000
|
| Size: |
4096
|
|
|
2EF9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1319619189.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EF9000
|
| Size: |
12288
|
|
|
1C402000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290091285.000000001C402000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C402000
|
| Size: |
4096
|
|
|
7FF7C7F4A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3156240609.00007FF7C7F4A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F4A000
|
| Size: |
24576
|
|
|
2FAB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1323968704.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FAB000
|
| Size: |
16384
|
|
|
1EDA1DE8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2102602162.000001EDA1DE8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1DE8000
|
| Size: |
28672
|
|
|
7FF7C7D90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3141345329.00007FF7C7D90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D90000
|
| Size: |
65536
|
|
|
7FF7C7E30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2540710142.00007FF7C7E30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E30000
|
| Size: |
65536
|
|
|
1C6DE616000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DE616000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DE616000
|
| Size: |
98304
|
|
|
2D8C75F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1994370511.000002D8C75F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C75F5000
|
| Size: |
483328
|
|
|
7FF7C7D40000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3137712236.00007FF7C7D40000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7D40000
|
| Size: |
45056
|
|
|
7FF7C7EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3155582583.00007FF7C7EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EE0000
|
| Size: |
36864
|
|
|
1EDBBE98000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2481823595.000001EDBBE98000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBBE98000
|
| Size: |
20480
|
|
|
B3878E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2633397771.0000000B3878E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3878E000
|
| Size: |
8192
|
|
|
64D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288603158.000000000064D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
64D000
|
| Size: |
16384
|
|
|
20534460000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495109109.0000020534460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20534460000
|
| Size: |
12288
|
|
|
7FF7C7CF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3765523166.00007FF7C7CF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7CF0000
|
| Size: |
20480
|
|
|
1EDA3F3D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA3F3D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA3F3D000
|
| Size: |
5783552
|
|
|
2F9F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326482525.0000000002F9F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F9F000
|
| Size: |
65536
|
|
|
7FF7C7E10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2022700490.00007FF7C7E10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E10000
|
| Size: |
65536
|
|
|
2D8C74B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1993465506.000002D8C74B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C74B0000
|
| Size: |
4096
|
|
|
E261C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1776794804.000000E261C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E261C7E000
|
| Size: |
8192
|
|
|
1C6F5E84000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3066707237.000001C6F5E84000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F5E84000
|
| Size: |
118784
|
|
|
2D8AD5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1793025992.000002D8AD5C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD5C0000
|
| Size: |
16384
|
|
|
7DF4956A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1694456983.00007DF4956A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7DF4956A0000
|
| Size: |
4096
|
|
|
2D8AF53D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8AF53D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AF53D000
|
| Size: |
5783552
|
|
|
2054CE2F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1686781867.000002054CE2F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CE2F000
|
| Size: |
376832
|
|
|
2F3C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1325934693.0000000002F3C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3C000
|
| Size: |
155648
|
|
|
1EDB3AA1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2407013057.000001EDB3AA1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDB3AA1000
|
| Size: |
229376
|
|
|
2D8AD4C0000
|
heap
|
page readonly
|
|
|
|
| Name: |
0000000E.00000002.1790909934.000002D8AD4C0000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
2D8AD4C0000
|
| Size: |
4096
|
|
|
7FF7C7C00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3114590042.00007FF7C7C00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7C00000
|
| Size: |
8192
|
|
|
E2620BA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1777451906.000000E2620BA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2620BA000
|
| Size: |
24576
|
|
|
1EDBBDD1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2459480490.000001EDBBDD1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBBDD1000
|
| Size: |
196608
|
|
|
2F23000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327038830.0000000002F23000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F23000
|
| Size: |
36864
|
|
|
1BECE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3760193533.000000001BECE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1BECE000
|
| Size: |
8192
|
|
|
5F0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1288400517.00000000005F0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5F0000
|
| Size: |
4096
|
|
|
5465000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1324978614.0000000005465000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5465000
|
| Size: |
8192
|
|
|
2E8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328348052.0000000002E8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E8E000
|
| Size: |
8192
|
|
|
1EDA584E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA584E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA584E000
|
| Size: |
143360
|
|
|
7FF7C7DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2535226697.00007FF7C7DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DD0000
|
| Size: |
65536
|
|
|
7FF7C7D32000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3119864129.00007FF7C7D32000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D32000
|
| Size: |
4096
|
|
|
2F26000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328715312.0000000002F26000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F26000
|
| Size: |
24576
|
|
|
7FF7C7B53000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3763937762.00007FF7C7B53000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7B53000
|
| Size: |
4096
|
|
|
2D8B01CB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B01CB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B01CB000
|
| Size: |
495616
|
|
|
547D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326667442.000000000547D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
547D000
|
| Size: |
16384
|
|
|
1456000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3746328852.0000000001456000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1456000
|
| Size: |
167936
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
1EDA52DA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA52DA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA52DA000
|
| Size: |
143360
|
|
|
2EF5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326001780.0000000002EF5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EF5000
|
| Size: |
40960
|
|
|
987997B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2096278702.000000987997B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
987997B000
|
| Size: |
20480
|
|
|
1EDBC1C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2495356228.000001EDBC1C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC1C8000
|
| Size: |
28672
|
|
|
1660000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3753893243.0000000001660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
4096
|
|
|
7FF7C7D60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1709381033.00007FF7C7D60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D60000
|
| Size: |
65536
|
|
|
610C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3768019942.000000000610C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
610C000
|
| Size: |
16384
|
|
|
7FF7C7E10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2538663447.00007FF7C7E10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E10000
|
| Size: |
65536
|
|
|
1EDBC0A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2484219807.000001EDBC0A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC0A0000
|
| Size: |
4096
|
|
|
1C6DE62F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DE62F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DE62F000
|
| Size: |
1470464
|
|
|
35F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3759075934.00000000035F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
35F0000
|
| Size: |
4096
|
|
|
1EDBC160000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2490463019.000001EDBC160000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDBC160000
|
| Size: |
397312
|
|
|
3C41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3759612410.0000000003C41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C41000
|
| Size: |
49152
|
|
|
1C6F5E27000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3063637167.000001C6F5E27000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1C6F5E27000
|
| Size: |
12288
|
|
|
355B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3758216431.000000000355B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
355B000
|
| Size: |
4096
|
|
|
7FF7C7E20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2539928094.00007FF7C7E20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E20000
|
| Size: |
65536
|
|
|
2D8AFFC3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8AFFC3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8AFFC3000
|
| Size: |
307200
|
|
|
7FF7C7F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3158191473.00007FF7C7F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F90000
|
| Size: |
36864
|
|
|
7FF7C7D50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3139566895.00007FF7C7D50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D50000
|
| Size: |
4096
|
|
|
182000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1279309599.0000000000182000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
182000
|
| Size: |
208896
|
|
|
3500000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3755666197.0000000003500000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
3500000
|
| Size: |
4096
|
|
|
976F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3770677087.000000000976F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
976F000
|
| Size: |
405504
|
|
|
7FF7C7F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3156240609.00007FF7C7F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F40000
|
| Size: |
4096
|
|
|
666F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3768210538.000000000666F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
666F000
|
| Size: |
4096
|
|
|
20536003000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.0000020536003000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20536003000
|
| Size: |
143360
|
|
|
1C6F5E6C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3066707237.000001C6F5E6C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F5E6C000
|
| Size: |
4096
|
|
|
7FF7C7C36000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1702274758.00007FF7C7C36000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C36000
|
| Size: |
86016
|
|
|
7FF7C7F50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1722464476.00007FF7C7F50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F50000
|
| Size: |
65536
|
|
|
1EDB3D5C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2407013057.000001EDB3D5C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDB3D5C000
|
| Size: |
4096
|
|
|
62D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288566954.000000000062D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
62D000
|
| Size: |
36864
|
|
|
1C6DE98C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DE98C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DE98C000
|
| Size: |
12288
|
|
|
1380000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3746328852.0000000001380000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1380000
|
| Size: |
45056
|
|
|
7FF7C7FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1724443868.00007FF7C7FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FB0000
|
| Size: |
8192
|
|
|
7FF7C7D90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2533028912.00007FF7C7D90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D90000
|
| Size: |
65536
|
|
|
2054CF34000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1692305016.000002054CF34000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054CF34000
|
| Size: |
98304
|
|
|
2D8AD26B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1781379168.000002D8AD26B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AD26B000
|
| Size: |
12288
|
|
|
7FF7C7EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2545181957.00007FF7C7EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EB0000
|
| Size: |
65536
|
|
|
656E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3768120656.000000000656E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
656E000
|
| Size: |
8192
|
|
|
7FF7C7F70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2030776144.00007FF7C7F70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7F70000
|
| Size: |
4096
|
|
|
1EDB3D57000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2407013057.000001EDB3D57000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDB3D57000
|
| Size: |
16384
|
|
|
1669000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3750513872.0000000001669000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1669000
|
| Size: |
12288
|
|
|
7FF7C7E40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1716250327.00007FF7C7E40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E40000
|
| Size: |
65536
|
|
|
2D8C745D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1968772865.000002D8C745D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C745D000
|
| Size: |
4096
|
|
|
7FF7C7E60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2542484517.00007FF7C7E60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E60000
|
| Size: |
16384
|
|
|
7FF7C7E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2538245050.00007FF7C7E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E00000
|
| Size: |
65536
|
|
|
1C6F60A9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3074886049.000001C6F60A9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F60A9000
|
| Size: |
8192
|
|
|
35EC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3758659342.00000000035EC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35EC000
|
| Size: |
16384
|
|
|
2054CCC0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1685447778.000002054CCC0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2054CCC0000
|
| Size: |
4096
|
|
|
7FF7C7D20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2013269202.00007FF7C7D20000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7D20000
|
| Size: |
4096
|
|
|
7FF7C7B84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290496671.00007FF7C7B84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B84000
|
| Size: |
12288
|
|
|
7FF7C7E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2022357528.00007FF7C7E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E00000
|
| Size: |
65536
|
|
|
7FF7C7CF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2527273892.00007FF7C7CF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7CF1000
|
| Size: |
32768
|
|
|
F60000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1287290910.0000000000F60000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
F60000
|
| Size: |
4096
|
|
|
1EDB3ADE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2407013057.000001EDB3ADE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDB3ADE000
|
| Size: |
1912832
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
547C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1326462879.000000000547C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
547C000
|
| Size: |
20480
|
|
|
2D8C746D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1968772865.000002D8C746D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C746D000
|
| Size: |
4096
|
|
|
7FF7C7DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1712845870.00007FF7C7DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DD0000
|
| Size: |
65536
|
|
|
1EDA481F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA481F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA481F000
|
| Size: |
2019328
|
|
|
20532B8F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1492172890.0000020532B8F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532B8F000
|
| Size: |
12288
|
|
|
6C814E3000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1469169270.0000006C814E3000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C814E3000
|
| Size: |
53248
|
|
|
165C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3750513872.000000000165C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
165C000
|
| Size: |
49152
|
|
|
1F312760000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.3178730321.000001F312760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F312760000
|
| Size: |
24576
|
|
|
6C818FA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1472909526.0000006C818FA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C818FA000
|
| Size: |
24576
|
|
|
2D8C7461000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1968772865.000002D8C7461000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C7461000
|
| Size: |
4096
|
|
|
2D8AED77000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1793126999.000002D8AED77000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8AED77000
|
| Size: |
798720
|
|
|
B379BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2628987889.0000000B379BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B379BE000
|
| Size: |
8192
|
|
|
7FF7C7C0C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3765221226.00007FF7C7C0C000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C0C000
|
| Size: |
4096
|
|
|
7FF7C7FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2552121705.00007FF7C7FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FB0000
|
| Size: |
8192
|
|
|
20532B58000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1492172890.0000020532B58000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20532B58000
|
| Size: |
204800
|
|
|
2F09000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320647286.0000000002F09000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F09000
|
| Size: |
143360
|
|
|
7FF7C7FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2032028788.00007FF7C7FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7FC0000
|
| Size: |
65536
|
|
|
7FF7C7CFA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2527273892.00007FF7C7CFA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7CFA000
|
| Size: |
24576
|
|
|
5C70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3766411610.0000000005C70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C70000
|
| Size: |
65536
|
|
|
7FF7C7C70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3116817500.00007FF7C7C70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C70000
|
| Size: |
16384
|
|
|
1EDA1E21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2102602162.000001EDA1E21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1E21000
|
| Size: |
12288
|
|
|
7FF7C7E60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3150611015.00007FF7C7E60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E60000
|
| Size: |
57344
|
|
|
4CA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329265391.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
1C1CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3763261103.000000001C1CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1C1CE000
|
| Size: |
8192
|
|
|
7FF7C7EB8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1720300954.00007FF7C7EB8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7EB8000
|
| Size: |
12288
|
|
|
7FF7C7B90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1290632561.00007FF7C7B90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7B90000
|
| Size: |
4096
|
|
|
7DF44DC70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.2006377001.00007DF44DC70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7DF44DC70000
|
| Size: |
4096
|
|
|
4C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1329182780.0000000004C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C2E000
|
| Size: |
8192
|
|
|
20544959000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1640036184.0000020544959000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20544959000
|
| Size: |
8192
|
|
|
1390000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3746217251.0000000001390000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1390000
|
| Size: |
4096
|
|
|
649000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288603158.0000000000649000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
649000
|
| Size: |
12288
|
|
|
2F23000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1327149190.0000000002F23000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F23000
|
| Size: |
36864
|
|
|
1350000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3746134509.0000000001350000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1350000
|
| Size: |
8192
|
|
|
2F05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1321223153.0000000002F05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F05000
|
| Size: |
380928
|
|
|
205355FD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.00000205355FD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
205355FD000
|
| Size: |
20480
|
|
|
7FF7C7E60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2024890316.00007FF7C7E60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E60000
|
| Size: |
49152
|
|
|
7FF7C7E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1714431998.00007FF7C7E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7E00000
|
| Size: |
65536
|
|
|
1C6DDA21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2649034457.000001C6DDA21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6DDA21000
|
| Size: |
507904
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1C6DD8DF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2644728357.000001C6DD8DF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DD8DF000
|
| Size: |
798720
|
|
|
354E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3755803408.000000000354E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
354E000
|
| Size: |
4096
|
|
|
1EDA1E2B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2102602162.000001EDA1E2B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1EDA1E2B000
|
| Size: |
4096
|
|
|
E2621BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1777537335.000000E2621BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2621BF000
|
| Size: |
4096
|
|
|
7FF7C7C26000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2525148185.00007FF7C7C26000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FF7C7C26000
|
| Size: |
86016
|
|
|
1AA1D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1289901722.000000001AA1D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1AA1D000
|
| Size: |
12288
|
|
|
2F2A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1320803543.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F2A000
|
| Size: |
8192
|
|
|
2DD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1328178149.0000000002DD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DD0000
|
| Size: |
4096
|
|
|
2F32000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1319619189.0000000002F32000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F32000
|
| Size: |
12288
|
|
|
2054C66F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1675392724.000002054C66F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2054C66F000
|
| Size: |
798720
|
|
|
19CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3754454853.00000000019CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19CF000
|
| Size: |
4096
|
|
|
2053659C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1495864078.000002053659C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2053659C000
|
| Size: |
118784
|
|
|
1C6EDA41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3009291109.000001C6EDA41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1C6EDA41000
|
| Size: |
8192
|
|
|
2D8B08FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1797248436.000002D8B08FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8B08FF000
|
| Size: |
401408
|
|
|
647000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1288603158.0000000000647000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
647000
|
| Size: |
4096
|
|
|
7FF7C7DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2018536226.00007FF7C7DB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DB0000
|
| Size: |
65536
|
|
|
7FF7C7DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2021186889.00007FF7C7DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DE0000
|
| Size: |
65536
|
|
|
7DF4342F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3110502812.00007DF4342F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7DF4342F0000
|
| Size: |
4096
|
|
|
20534646000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1495797868.0000020534646000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
20534646000
|
| Size: |
16384
|
|
|
1C6F617B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3100399042.000001C6F617B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6F617B000
|
| Size: |
36864
|
|
|
7FF7C7D70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2532169035.00007FF7C7D70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7D70000
|
| Size: |
65536
|
|
|
1EDA44C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2127953728.000001EDA44C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1EDA44C2000
|
| Size: |
3248128
|
|
|
7FF7C7DC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2534633492.00007FF7C7DC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7DC0000
|
| Size: |
65536
|
|
|
7FF7C7F60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2549345350.00007FF7C7F60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF7C7F60000
|
| Size: |
65536
|
|
|
1C6DBDF8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2634331857.000001C6DBDF8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C6DBDF8000
|
| Size: |
106496
|
|
|
2D8C73B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1965851321.000002D8C73B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D8C73B8000
|
| Size: |
192512
|
|
