6D461000
|
unkown image
|
page execute read
|
|
|
|
Name:
|
00000018.00000002.945736297.000000006D461000.00000020.00020000.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page execute read
|
Base address:
|
6D461000
|
Size:
|
561152
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
Yara detected Ursnif |
Key, Mouse, Clipboard, Microphone and Screen Capturing; E-Banking Fraud; Hooking and other Techniques for Hiding and Protection; Stealing of Sensitive Information; Remote Access Functionality |
|
|
6D461000
|
unkown image
|
page execute read
|
|
|
|
Name:
|
00000003.00000002.949353578.000000006D461000.00000020.00020000.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page execute read
|
Base address:
|
6D461000
|
Size:
|
561152
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
Yara detected Ursnif |
Key, Mouse, Clipboard, Microphone and Screen Capturing; E-Banking Fraud; Hooking and other Techniques for Hiding and Protection; Stealing of Sensitive Information; Remote Access Functionality |
|
|
6D461000
|
unkown image
|
page execute read
|
|
|
|
Name:
|
0000000D.00000002.945539240.000000006D461000.00000020.00020000.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page execute read
|
Base address:
|
6D461000
|
Size:
|
561152
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
Yara detected Ursnif |
Key, Mouse, Clipboard, Microphone and Screen Capturing; E-Banking Fraud; Hooking and other Techniques for Hiding and Protection; Stealing of Sensitive Information; Remote Access Functionality |
|
|
6D461000
|
unkown image
|
page execute read
|
|
|
|
Name:
|
00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page execute read
|
Base address:
|
6D461000
|
Size:
|
561152
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
Yara detected Ursnif |
Key, Mouse, Clipboard, Microphone and Screen Capturing; E-Banking Fraud; Hooking and other Techniques for Hiding and Protection; Stealing of Sensitive Information; Remote Access Functionality |
|
|
6D461000
|
unkown image
|
page execute read
|
|
|
|
Name:
|
00000010.00000002.944163100.000000006D461000.00000020.00020000.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page execute read
|
Base address:
|
6D461000
|
Size:
|
561152
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
Yara detected Ursnif |
Key, Mouse, Clipboard, Microphone and Screen Capturing; E-Banking Fraud; Hooking and other Techniques for Hiding and Protection; Stealing of Sensitive Information; Remote Access Functionality |
|
|
6D461000
|
unkown image
|
page execute read
|
|
|
|
Name:
|
00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page execute read
|
Base address:
|
6D461000
|
Size:
|
561152
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
Yara detected Ursnif |
Key, Mouse, Clipboard, Microphone and Screen Capturing; E-Banking Fraud; Hooking and other Techniques for Hiding and Protection; Stealing of Sensitive Information; Remote Access Functionality |
|
|
6D461000
|
unkown image
|
page execute read
|
|
|
|
Name:
|
00000015.00000002.921268168.000000006D461000.00000020.00020000.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page execute read
|
Base address:
|
6D461000
|
Size:
|
561152
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
Yara detected Ursnif |
Key, Mouse, Clipboard, Microphone and Screen Capturing; E-Banking Fraud; Hooking and other Techniques for Hiding and Protection; Stealing of Sensitive Information; Remote Access Functionality |
|
|
2D6C000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.917277133.0000000002D6C000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D6C000
|
Size:
|
16384
|
|
2DD3000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914744017.0000000002DD3000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DD3000
|
Size:
|
12288
|
|
9C000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000018.00000002.914348063.000000000009C000.00000004.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
9C000
|
Size:
|
16384
|
|
2DFB000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915482666.0000000002DFB000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DFB000
|
Size:
|
49152
|
|
2DC7000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.931300557.0000000002DC7000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DC7000
|
Size:
|
12288
|
|
160000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914411124.0000000000160000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
160000
|
Size:
|
16384
|
|
2E45000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.948147302.0000000002E45000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E45000
|
Size:
|
32768
|
|
6D460000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D460000
|
Size:
|
4096
|
|
2E54000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922166347.0000000002E54000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E54000
|
Size:
|
28672
|
|
7FF566ACA000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.709035039.00007FF566ACA000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566ACA000
|
Size:
|
8192
|
|
76A000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000003.00000002.921986458.000000000076A000.00000004.00000020.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
76A000
|
Size:
|
106496
|
|
3230000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916552317.0000000003230000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
3230000
|
Size:
|
16384
|
|
2DAC000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.923801084.0000000002DAC000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DAC000
|
Size:
|
8192
|
|
2DC5000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922074276.0000000002DC5000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DC5000
|
Size:
|
4096
|
|
2E54000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.926011002.0000000002E54000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E54000
|
Size:
|
28672
|
|
2DB9000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914702418.0000000002DB9000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DB9000
|
Size:
|
40960
|
|
740000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.921975859.0000000000740000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
740000
|
Size:
|
4096
|
|
F3A000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000015.00000002.915299784.0000000000F3A000.00000004.00000020.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
F3A000
|
Size:
|
118784
|
|
2DCF000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922096046.0000000002DCF000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DCF000
|
Size:
|
8192
|
|
9F0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.921886056.00000000009F0000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
9F0000
|
Size:
|
4096
|
|
2DCF000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914739080.0000000002DCF000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DCF000
|
Size:
|
8192
|
|
2DFB000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922136120.0000000002DFB000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DFB000
|
Size:
|
49152
|
|
2DE1000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915464789.0000000002DE1000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DE1000
|
Size:
|
16384
|
|
231A7140000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.694645950.00000231A7140000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
231A7140000
|
Size:
|
4096
|
|
1340000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000000.00000002.917196462.0000000001340000.00000002.00000001.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
1340000
|
Size:
|
16384
|
|
231A6B00000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.677269205.00000231A6B00000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A6B00000
|
Size:
|
4096
|
|
6D460000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000003.00000001.645501568.000000006D460000.00000002.00020000.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
image loaded
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D460000
|
Size:
|
4096
|
|
730000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.921971703.0000000000730000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
730000
|
Size:
|
4096
|
|
2E41000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922173788.0000000002E41000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E41000
|
Size:
|
12288
|
|
2DB0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922056977.0000000002DB0000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DB0000
|
Size:
|
32768
|
|
2DB0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922080009.0000000002DB0000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DB0000
|
Size:
|
32768
|
|
231A7400000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.694663890.00000231A7400000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
231A7400000
|
Size:
|
3371008
|
|
6D4EA000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.921321344.000000006D4EA000.00000002.00020000.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D4EA000
|
Size:
|
372736
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
Binary contains paths to debug symbols |
Compliance; System Summary |
|
|
231A6A55000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.670278241.00000231A6A55000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A6A55000
|
Size:
|
106496
|
|
231A6CD0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.694634757.00000231A6CD0000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
231A6CD0000
|
Size:
|
4096
|
|
2DA3000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915380783.0000000002DA3000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DA3000
|
Size:
|
28672
|
|
C50000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915179551.0000000000C50000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
C50000
|
Size:
|
806912
|
|
7AA000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000018.00000002.914566072.00000000007AA000.00000004.00000020.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
7AA000
|
Size:
|
118784
|
|
2DDA000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915449465.0000000002DDA000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DDA000
|
Size:
|
16384
|
|
150000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000002.00000002.917092286.0000000000150000.00000004.00000020.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
150000
|
Size:
|
20480
|
|
9E0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.921882185.00000000009E0000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
9E0000
|
Size:
|
4096
|
|
2DE1000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.939104999.0000000002DE1000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DE1000
|
Size:
|
16384
|
|
43A000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000003.00000002.921875257.000000000043A000.00000004.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
43A000
|
Size:
|
4096
|
|
8C622FE000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.661993814.0000008C622FE000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
8C622FE000
|
Size:
|
8192
|
|
2DC5000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916347721.0000000002DC5000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DC5000
|
Size:
|
4096
|
|
7FF566696000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.697402506.00007FF566696000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566696000
|
Size:
|
32768
|
|
8C623F7000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.662476858.0000008C623F7000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
8C623F7000
|
Size:
|
36864
|
|
2DA3000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914673047.0000000002DA3000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DA3000
|
Size:
|
28672
|
|
6D55D000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D55D000
|
Size:
|
28672
|
|
2D9C000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922040083.0000000002D9C000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D9C000
|
Size:
|
12288
|
|
30B0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.957190907.00000000030B0000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
30B0000
|
Size:
|
303104
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
2DF2000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922125778.0000000002DF2000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DF2000
|
Size:
|
8192
|
|
2E73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.921208861.0000000002E73000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E73000
|
Size:
|
16384
|
|
231A6A81000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.673125148.00000231A6A81000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A6A81000
|
Size:
|
61440
|
|
2E73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000000.662302831.0000000002E73000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process new
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E73000
|
Size:
|
16384
|
|
2E68000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.926010024.0000000002E68000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E68000
|
Size:
|
12288
|
|
2D9C000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922059710.0000000002D9C000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D9C000
|
Size:
|
12288
|
|
2E41000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922152421.0000000002E41000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E41000
|
Size:
|
12288
|
|
2E1000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000002.00000002.917124008.00000000002E1000.00000004.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
2E1000
|
Size:
|
8192
|
|
DB000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000018.00000002.914360329.00000000000DB000.00000004.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
DB000
|
Size:
|
20480
|
|
9D000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000002.00000002.916768514.000000000009D000.00000004.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
9D000
|
Size:
|
12288
|
|
C60000
|
heap default
|
page read and write
|
|
|
|
Name:
|
0000000D.00000002.921899166.0000000000C60000.00000004.00000020.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
C60000
|
Size:
|
32768
|
|
2DF2000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.940746822.0000000002DF2000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DF2000
|
Size:
|
8192
|
|
231A6A4A000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000003.657490315.00000231A6A4A000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
free memory
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A6A4A000
|
Size:
|
24576
|
|
2DDA000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922129474.0000000002DDA000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DDA000
|
Size:
|
16384
|
|
ACE000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000015.00000002.915164152.0000000000ACE000.00000004.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
ACE000
|
Size:
|
8192
|
|
2E41000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.946741863.0000000002E41000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E41000
|
Size:
|
12288
|
|
3F0000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000003.00000002.921862908.00000000003F0000.00000004.00000020.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
3F0000
|
Size:
|
20480
|
|
2CA0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916287713.0000000002CA0000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2CA0000
|
Size:
|
8192
|
|
2D6C000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922037891.0000000002D6C000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D6C000
|
Size:
|
16384
|
|
A50000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922013887.0000000000A50000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
A50000
|
Size:
|
32768
|
|
DF0000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000015.00000002.915277693.0000000000DF0000.00000004.00000020.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
DF0000
|
Size:
|
20480
|
|
6D55C000
|
unkown image
|
page read and write
|
|
|
|
Name:
|
00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page read and write
|
Base address:
|
6D55C000
|
Size:
|
4096
|
|
2D95000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916310023.0000000002D95000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D95000
|
Size:
|
8192
|
|
7FF566ABA000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.707718603.00007FF566ABA000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566ABA000
|
Size:
|
4096
|
|
7FF566BBA000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.741409593.00007FF566BBA000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566BBA000
|
Size:
|
12288
|
|
7FF566AD0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.710665214.00007FF566AD0000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566AD0000
|
Size:
|
16384
|
|
2DCD000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914727732.0000000002DCD000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DCD000
|
Size:
|
4096
|
|
2D73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922044032.0000000002D73000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D73000
|
Size:
|
4096
|
|
D60000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.921918944.0000000000D60000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
D60000
|
Size:
|
806912
|
|
2D95000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922054016.0000000002D95000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D95000
|
Size:
|
8192
|
|
2C06000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914604090.0000000002C06000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2C06000
|
Size:
|
4096
|
|
1D0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.917115331.00000000001D0000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
1D0000
|
Size:
|
4096
|
|
6D4EA000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.966145648.000000006D4EA000.00000002.00020000.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D4EA000
|
Size:
|
372736
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
Binary contains paths to debug symbols |
Compliance; System Summary |
|
|
6D460000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
0000000D.00000001.654888513.000000006D460000.00000002.00020000.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
image loaded
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D460000
|
Size:
|
4096
|
|
436000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000003.00000002.921869373.0000000000436000.00000004.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
436000
|
Size:
|
8192
|
|
9D0000
|
heap default
|
page read and write
|
|
|
|
Name:
|
0000000D.00000002.921874534.00000000009D0000.00000004.00000020.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
9D0000
|
Size:
|
20480
|
|
3780000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.927424186.0000000003780000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
3780000
|
Size:
|
303104
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
2E73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000000.685391869.0000000002E73000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process new
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E73000
|
Size:
|
16384
|
|
2DB0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916327687.0000000002DB0000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DB0000
|
Size:
|
32768
|
|
180000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.917111088.0000000000180000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
180000
|
Size:
|
4096
|
|
2DD3000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915442815.0000000002DD3000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DD3000
|
Size:
|
12288
|
|
7FF566B3E000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.733237668.00007FF566B3E000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566B3E000
|
Size:
|
16384
|
|
2D69000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922033140.0000000002D69000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D69000
|
Size:
|
8192
|
|
2DB9000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.927423041.0000000002DB9000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DB9000
|
Size:
|
40960
|
|
2D7A000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916304877.0000000002D7A000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D7A000
|
Size:
|
12288
|
|
140000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000018.00000002.914390024.0000000000140000.00000004.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
140000
|
Size:
|
4096
|
|
2D95000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915369797.0000000002D95000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D95000
|
Size:
|
8192
|
|
30EB000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000010.00000002.916460605.00000000030EB000.00000004.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
30EB000
|
Size:
|
20480
|
|
2E45000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916420190.0000000002E45000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E45000
|
Size:
|
32768
|
|
AD2000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000015.00000002.915172144.0000000000AD2000.00000004.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
AD2000
|
Size:
|
4096
|
|
2E73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000000.653437681.0000000002E73000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process new
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E73000
|
Size:
|
16384
|
|
2D9C000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914665013.0000000002D9C000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D9C000
|
Size:
|
12288
|
|
EAD000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000000.00000002.916767199.0000000000EAD000.00000004.00000001.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
EAD000
|
Size:
|
12288
|
|
2DB0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915392942.0000000002DB0000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DB0000
|
Size:
|
32768
|
|
2DB9000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915405282.0000000002DB9000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DB9000
|
Size:
|
40960
|
|
2DC5000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922102940.0000000002DC5000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DC5000
|
Size:
|
4096
|
|
6D55D000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.960030423.000000006D55D000.00000002.00020000.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D55D000
|
Size:
|
28672
|
|
2DDF000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.937898920.0000000002DDF000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DDF000
|
Size:
|
4096
|
|
2D73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915352709.0000000002D73000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D73000
|
Size:
|
4096
|
|
2DDF000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915459617.0000000002DDF000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DDF000
|
Size:
|
4096
|
|
159B000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000000.00000002.917221171.000000000159B000.00000004.00000020.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
159B000
|
Size:
|
122880
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Creates a DirectInput object (often for capturing keystrokes) |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
|
2DE1000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914763793.0000000002DE1000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DE1000
|
Size:
|
16384
|
|
231A6A29000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.666792164.00000231A6A29000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A6A29000
|
Size:
|
73728
|
|
2DAC000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915387725.0000000002DAC000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DAC000
|
Size:
|
8192
|
|
3240000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916557870.0000000003240000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
3240000
|
Size:
|
4096
|
|
2E62000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.952768648.0000000002E62000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E62000
|
Size:
|
12288
|
|
EE2000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000010.00000002.916273557.0000000000EE2000.00000004.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
EE2000
|
Size:
|
4096
|
|
2D95000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914643945.0000000002D95000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D95000
|
Size:
|
8192
|
|
2DDA000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916374195.0000000002DDA000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DDA000
|
Size:
|
16384
|
|
1A20000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000000.00000002.917246686.0000000001A20000.00000002.00000001.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
1A20000
|
Size:
|
303104
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
D40000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915260716.0000000000D40000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
D40000
|
Size:
|
16384
|
|
D20000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000015.00000002.915249966.0000000000D20000.00000004.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
D20000
|
Size:
|
4096
|
|
6E0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.921966857.00000000006E0000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
6E0000
|
Size:
|
4096
|
|
7FF566A34000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.706411912.00007FF566A34000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566A34000
|
Size:
|
4096
|
|
6D4EA000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.964938469.000000006D4EA000.00000002.00020000.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D4EA000
|
Size:
|
372736
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
BB1000
|
unkown
|
page read and write
|
|
|
|
Name:
|
0000000D.00000002.921891008.0000000000BB1000.00000004.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
BB1000
|
Size:
|
8192
|
|
FAB000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000000.00000002.917074892.0000000000FAB000.00000004.00000001.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
FAB000
|
Size:
|
20480
|
|
32B0000
|
heap private
|
page read and write
|
|
|
|
Name:
|
00000010.00000002.916574955.00000000032B0000.00000004.00000040.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap private
|
Protect:
|
page read and write
|
Base address:
|
32B0000
|
Size:
|
20480
|
|
2CA0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914613015.0000000002CA0000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2CA0000
|
Size:
|
8192
|
|
2C06000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916283842.0000000002C06000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2C06000
|
Size:
|
4096
|
|
2E73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.927422345.0000000002E73000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E73000
|
Size:
|
16384
|
|
2E68000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916444699.0000000002E68000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E68000
|
Size:
|
12288
|
|
2DF2000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914769972.0000000002DF2000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DF2000
|
Size:
|
8192
|
|
4D0000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000002.00000002.917224189.00000000004D0000.00000004.00000020.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
4D0000
|
Size:
|
32768
|
|
7FF566B07000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.724806000.00007FF566B07000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566B07000
|
Size:
|
28672
|
|
3D0000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000003.00000002.921856343.00000000003D0000.00000004.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
3D0000
|
Size:
|
4096
|
|
6D545000
|
unkown image
|
page read and write
|
|
|
|
Name:
|
00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page read and write
|
Base address:
|
6D545000
|
Size:
|
28672
|
|
400000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914445339.0000000000400000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
400000
|
Size:
|
806912
|
|
2D7A000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922048173.0000000002D7A000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D7A000
|
Size:
|
12288
|
|
7FF566ABC000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.708286940.00007FF566ABC000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566ABC000
|
Size:
|
8192
|
|
231A6A3C000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.668479810.00000231A6A3C000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A6A3C000
|
Size:
|
57344
|
|
2DC7000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915419359.0000000002DC7000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DC7000
|
Size:
|
12288
|
|
760000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000003.00000002.921980228.0000000000760000.00000004.00000020.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
760000
|
Size:
|
32768
|
|
231A6A00000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.663912581.00000231A6A00000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A6A00000
|
Size:
|
73728
|
|
7FF566921000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.700150779.00007FF566921000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566921000
|
Size:
|
12288
|
|
231A6C00000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.682633945.00000231A6C00000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
231A6C00000
|
Size:
|
806912
|
|
9AD000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000015.00000002.915141503.00000000009AD000.00000004.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
9AD000
|
Size:
|
12288
|
|
231A6ED0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.694640098.00000231A6ED0000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
231A6ED0000
|
Size:
|
16384
|
|
2DCD000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.932675760.0000000002DCD000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DCD000
|
Size:
|
4096
|
|
1220000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000000.00000002.917106695.0000000001220000.00000002.00000001.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
1220000
|
Size:
|
806912
|
|
2DF6000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916398792.0000000002DF6000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DF6000
|
Size:
|
16384
|
|
7FF566B46000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.734786590.00007FF566B46000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566B46000
|
Size:
|
8192
|
|
8C61D3B000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.660243576.0000008C61D3B000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
8C61D3B000
|
Size:
|
20480
|
|
4D0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914522561.00000000004D0000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
4D0000
|
Size:
|
4096
|
|
6D545000
|
unkown image
|
page read and write
|
|
|
|
Name:
|
00000003.00000002.966581681.000000006D545000.00000004.00020000.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page read and write
|
Base address:
|
6D545000
|
Size:
|
28672
|
|
F10000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915286239.0000000000F10000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
F10000
|
Size:
|
4096
|
|
2D9C000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.918875693.0000000002D9C000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D9C000
|
Size:
|
12288
|
|
1020000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000000.00000002.917092000.0000000001020000.00000004.00000001.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
1020000
|
Size:
|
8192
|
|
6D55D000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D55D000
|
Size:
|
28672
|
|
7FF566ACE000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.709965920.00007FF566ACE000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566ACE000
|
Size:
|
4096
|
|
2D69000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.917272228.0000000002D69000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D69000
|
Size:
|
8192
|
|
2D73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916301628.0000000002D73000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D73000
|
Size:
|
4096
|
|
2D95000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922034979.0000000002D95000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D95000
|
Size:
|
8192
|
|
A40000
|
heap private
|
page read and write
|
|
|
|
Name:
|
00000003.00000002.922008330.0000000000A40000.00000004.00000040.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap private
|
Protect:
|
page read and write
|
Base address:
|
A40000
|
Size:
|
20480
|
|
3140000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916471269.0000000003140000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
3140000
|
Size:
|
806912
|
|
2DAC000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922052003.0000000002DAC000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DAC000
|
Size:
|
8192
|
|
7FF566A3C000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.706967454.00007FF566A3C000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566A3C000
|
Size:
|
8192
|
|
6D4EA000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.966549203.000000006D4EA000.00000002.00020000.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D4EA000
|
Size:
|
372736
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
6D545000
|
unkown image
|
page read and write
|
|
|
|
Name:
|
00000010.00000002.964978981.000000006D545000.00000004.00020000.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page read and write
|
Base address:
|
6D545000
|
Size:
|
28672
|
|
785000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000003.00000002.922001334.0000000000785000.00000004.00000020.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
785000
|
Size:
|
12288
|
|
231A6A4D000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.669876690.00000231A6A4D000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A6A4D000
|
Size:
|
12288
|
|
170000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914421280.0000000000170000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
170000
|
Size:
|
4096
|
|
6D4EA000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D4EA000
|
Size:
|
372736
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
7FF5669CE000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.702896589.00007FF5669CE000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF5669CE000
|
Size:
|
4096
|
|
2E73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.924807253.0000000002E73000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E73000
|
Size:
|
16384
|
|
348A000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000010.00000002.916593041.000000000348A000.00000004.00000020.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
348A000
|
Size:
|
114688
|
|
107D000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000010.00000002.916279007.000000000107D000.00000004.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
107D000
|
Size:
|
12288
|
|
2DA3000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.920985513.0000000002DA3000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DA3000
|
Size:
|
28672
|
|
231A7202000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.694658768.00000231A7202000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A7202000
|
Size:
|
4096
|
|
3290000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916562083.0000000003290000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
3290000
|
Size:
|
4096
|
|
2E73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000000.671345069.0000000002E73000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process new
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E73000
|
Size:
|
16384
|
|
2DC7000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914721219.0000000002DC7000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DC7000
|
Size:
|
12288
|
|
2D73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914630214.0000000002D73000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D73000
|
Size:
|
4096
|
|
2D95000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.917295090.0000000002D95000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D95000
|
Size:
|
8192
|
|
3440000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.921221388.0000000003440000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
3440000
|
Size:
|
303104
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
2DDF000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914759037.0000000002DDF000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DDF000
|
Size:
|
4096
|
|
2DF2000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922152543.0000000002DF2000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DF2000
|
Size:
|
8192
|
|
2DC5000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915414764.0000000002DC5000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DC5000
|
Size:
|
4096
|
|
1024000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000000.00000002.917100348.0000000001024000.00000004.00000001.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
1024000
|
Size:
|
4096
|
|
EDE000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000010.00000002.916267889.0000000000EDE000.00000004.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
EDE000
|
Size:
|
8192
|
|
2DCF000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915437148.0000000002DCF000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DCF000
|
Size:
|
8192
|
|
2DAC000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922071258.0000000002DAC000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DAC000
|
Size:
|
8192
|
|
6D460000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000000.00000001.692970847.000000006D460000.00000002.00020000.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
image loaded
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D460000
|
Size:
|
4096
|
|
7FF566AFF000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.723525755.00007FF566AFF000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566AFF000
|
Size:
|
16384
|
|
6D55D000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.966196301.000000006D55D000.00000002.00020000.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D55D000
|
Size:
|
28672
|
|
7FF566ADB000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.712842509.00007FF566ADB000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566ADB000
|
Size:
|
45056
|
|
231A6A50000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000003.657471936.00000231A6A50000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
free memory
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A6A50000
|
Size:
|
126976
|
|
6D545000
|
unkown image
|
page read and write
|
|
|
|
Name:
|
00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page read and write
|
Base address:
|
6D545000
|
Size:
|
28672
|
|
6D545000
|
unkown image
|
page read and write
|
|
|
|
Name:
|
0000000D.00000002.966181222.000000006D545000.00000004.00020000.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page read and write
|
Base address:
|
6D545000
|
Size:
|
28672
|
|
6D55C000
|
unkown image
|
page read and write
|
|
|
|
Name:
|
00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page read and write
|
Base address:
|
6D55C000
|
Size:
|
4096
|
|
2E68000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.954180754.0000000002E68000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E68000
|
Size:
|
12288
|
|
2DD3000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.934884969.0000000002DD3000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DD3000
|
Size:
|
12288
|
|
6D4EA000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.959988796.000000006D4EA000.00000002.00020000.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D4EA000
|
Size:
|
372736
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
2D6C000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916296173.0000000002D6C000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D6C000
|
Size:
|
16384
|
|
2CA0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.917266807.0000000002CA0000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2CA0000
|
Size:
|
8192
|
|
6D55C000
|
unkown image
|
page read and write
|
|
|
|
Name:
|
00000018.00000002.960025736.000000006D55C000.00000004.00020000.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page read and write
|
Base address:
|
6D55C000
|
Size:
|
4096
|
|
8C624FF000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.663245164.0000008C624FF000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
8C624FF000
|
Size:
|
4096
|
|
2DB0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.925007489.0000000002DB0000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DB0000
|
Size:
|
32768
|
|
2DFB000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914780472.0000000002DFB000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DFB000
|
Size:
|
49152
|
|
2DF6000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.941950678.0000000002DF6000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DF6000
|
Size:
|
16384
|
|
32D000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000003.00000002.916770392.000000000032D000.00000004.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
32D000
|
Size:
|
12288
|
|
2DB9000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916340029.0000000002DB9000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DB9000
|
Size:
|
40960
|
|
F90000
|
heap private
|
page read and write
|
|
|
|
Name:
|
0000000D.00000002.921996608.0000000000F90000.00000004.00000040.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap private
|
Protect:
|
page read and write
|
Base address:
|
F90000
|
Size:
|
20480
|
|
231A6A13000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.665217786.00000231A6A13000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A6A13000
|
Size:
|
86016
|
|
2DCF000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922118453.0000000002DCF000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DCF000
|
Size:
|
8192
|
|
2DCD000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922090130.0000000002DCD000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DCD000
|
Size:
|
4096
|
|
2DDA000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914750409.0000000002DDA000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DDA000
|
Size:
|
16384
|
|
2CA0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922008115.0000000002CA0000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2CA0000
|
Size:
|
8192
|
|
980000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.921869518.0000000000980000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
980000
|
Size:
|
4096
|
|
6B0000
|
heap private
|
page read and write
|
|
|
|
Name:
|
00000002.00000002.917246242.00000000006B0000.00000004.00000040.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap private
|
Protect:
|
page read and write
|
Base address:
|
6B0000
|
Size:
|
20480
|
|
2E62000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916436956.0000000002E62000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E62000
|
Size:
|
12288
|
|
6D55C000
|
unkown image
|
page read and write
|
|
|
|
Name:
|
00000010.00000002.964986931.000000006D55C000.00000004.00020000.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page read and write
|
Base address:
|
6D55C000
|
Size:
|
4096
|
|
2C06000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915316745.0000000002C06000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2C06000
|
Size:
|
4096
|
|
3000000
|
heap private
|
page read and write
|
|
|
|
Name:
|
00000000.00000002.917287237.0000000003000000.00000004.00000040.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap private
|
Protect:
|
page read and write
|
Base address:
|
3000000
|
Size:
|
8192
|
|
21D000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000018.00000002.914432649.000000000021D000.00000004.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
21D000
|
Size:
|
8192
|
|
2D73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.917283021.0000000002D73000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D73000
|
Size:
|
4096
|
|
7FF566BC1000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.742884735.00007FF566BC1000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566BC1000
|
Size:
|
20480
|
|
C6A000
|
heap default
|
page read and write
|
|
|
|
Name:
|
0000000D.00000002.921904927.0000000000C6A000.00000004.00000020.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
C6A000
|
Size:
|
114688
|
|
2D69000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914617391.0000000002D69000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D69000
|
Size:
|
8192
|
|
9EB000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000015.00000002.915156030.00000000009EB000.00000004.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
9EB000
|
Size:
|
20480
|
|
32A0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916570675.00000000032A0000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
32A0000
|
Size:
|
4096
|
|
7FF5666A5000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.698909743.00007FF5666A5000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF5666A5000
|
Size:
|
4096
|
|
7FF566AFC000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.722949578.00007FF566AFC000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566AFC000
|
Size:
|
4096
|
|
D50000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915268410.0000000000D50000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
D50000
|
Size:
|
4096
|
|
2DA3000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922044353.0000000002DA3000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DA3000
|
Size:
|
28672
|
|
30B0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.921214338.00000000030B0000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
30B0000
|
Size:
|
32768
|
|
2DB0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914687016.0000000002DB0000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DB0000
|
Size:
|
32768
|
|
6D460000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000015.00000001.675067758.000000006D460000.00000002.00020000.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
image loaded
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D460000
|
Size:
|
4096
|
|
3440000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.928824378.0000000003440000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
3440000
|
Size:
|
303104
|
Signature Hits: May try to detect the Windows Explorer process (often used for injection)
Behavior Group: HIPS / PFW / Operating System Protection Evasion
Mitre Attack: (no technique listed for this hit)
|
|
1690000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000000.00000002.917239137.0000000001690000.00000002.00000001.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
1690000
|
Size:
|
32768
|
|
600000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.921879952.0000000000600000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
600000
|
Size:
|
806912
|
|
2D9C000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915374916.0000000002D9C000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D9C000
|
Size:
|
12288
|
|
4DA000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000002.00000002.917230819.00000000004DA000.00000004.00000020.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
4DA000
|
Size:
|
118784
|
|
6D460000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000010.00000001.663493319.000000006D460000.00000002.00020000.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
image loaded
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D460000
|
Size:
|
4096
|
|
7A0000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000018.00000002.914552360.00000000007A0000.00000004.00000020.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
7A0000
|
Size:
|
32768
|
|
2DDA000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922108991.0000000002DDA000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DDA000
|
Size:
|
16384
|
|
6D545000
|
unkown image
|
page read and write
|
|
|
|
Name:
|
00000018.00000002.960018235.000000006D545000.00000004.00020000.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page read and write
|
Base address:
|
6D545000
|
Size:
|
28672
|
|
231A6A70000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.672481780.00000231A6A70000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A6A70000
|
Size:
|
16384
|
|
2E68000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.929693836.0000000002E68000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E68000
|
Size:
|
12288
|
|
6D460000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.944769443.000000006D460000.00000002.00020000.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D460000
|
Size:
|
4096
|
|
5E0000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000018.00000002.914546388.00000000005E0000.00000004.00000020.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
5E0000
|
Size:
|
20480
|
|
2DB9000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922064156.0000000002DB9000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DB9000
|
Size:
|
40960
|
|
2DA3000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922064496.0000000002DA3000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DA3000
|
Size:
|
28672
|
|
7FF566A23000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.704919433.00007FF566A23000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566A23000
|
Size:
|
24576
|
|
30B0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.929091942.00000000030B0000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
30B0000
|
Size:
|
303104
|
Signature Hits: May try to detect the Windows Explorer process (often used for injection)
Behavior Group: HIPS / PFW / Operating System Protection Evasion
Mitre Attack: (no technique listed for this hit)
|
|
36B000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000003.00000002.919279236.000000000036B000.00000004.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
36B000
|
Size:
|
20480
|
|
2E73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000000.645260786.0000000002E73000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process new
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E73000
|
Size:
|
16384
|
|
2DDF000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916382298.0000000002DDF000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DDF000
|
Size:
|
4096
|
|
2D7A000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914633881.0000000002D7A000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D7A000
|
Size:
|
12288
|
|
2DD3000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916369219.0000000002DD3000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DD3000
|
Size:
|
12288
|
|
2E5000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000002.00000002.917129291.00000000002E5000.00000004.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
2E5000
|
Size:
|
4096
|
|
2DCF000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.933679533.0000000002DCF000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DCF000
|
Size:
|
8192
|
|
2DCD000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916357047.0000000002DCD000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DCD000
|
Size:
|
4096
|
|
7FF5663D2000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.695694842.00007FF5663D2000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF5663D2000
|
Size:
|
4096
|
|
7FF566B24000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.728850562.00007FF566B24000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566B24000
|
Size:
|
20480
|
|
7FF5669B1000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.701975552.00007FF5669B1000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF5669B1000
|
Size:
|
4096
|
|
2DDF000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922114549.0000000002DDF000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DDF000
|
Size:
|
4096
|
|
400000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.917135456.0000000000400000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
400000
|
Size:
|
806912
|
|
6D55D000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.966593017.000000006D55D000.00000002.00020000.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D55D000
|
Size:
|
28672
|
|
3480000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000010.00000002.916585869.0000000003480000.00000004.00000020.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
3480000
|
Size:
|
32768
|
|
2DA3000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916318487.0000000002DA3000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DA3000
|
Size:
|
28672
|
|
2E45000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.917504727.0000000002E45000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E45000
|
Size:
|
32768
|
|
2DF2000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915469900.0000000002DF2000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DF2000
|
Size:
|
8192
|
|
6D460000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.921260732.000000006D460000.00000002.00020000.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D460000
|
Size:
|
4096
|
|
FF0000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000000.00000002.917084438.0000000000FF0000.00000004.00000001.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
FF0000
|
Size:
|
4096
|
|
2E45000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922158141.0000000002E45000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E45000
|
Size:
|
32768
|
|
7FF566973000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.701276174.00007FF566973000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566973000
|
Size:
|
8192
|
|
2E41000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916415615.0000000002E41000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E41000
|
Size:
|
12288
|
|
2DE1000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922145837.0000000002DE1000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DE1000
|
Size:
|
16384
|
|
2E62000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.921197378.0000000002E62000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E62000
|
Size:
|
12288
|
|
170000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.917104472.0000000000170000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
170000
|
Size:
|
16384
|
|
140000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000002.00000002.917085035.0000000000140000.00000004.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
140000
|
Size:
|
4096
|
|
E00000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915283057.0000000000E00000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
E00000
|
Size:
|
4096
|
|
2D69000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916291944.0000000002D69000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D69000
|
Size:
|
8192
|
|
2DFB000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916406447.0000000002DFB000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DFB000
|
Size:
|
49152
|
|
2C06000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.917261957.0000000002C06000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2C06000
|
Size:
|
4096
|
|
7FF566B4D000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.737553904.00007FF566B4D000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566B4D000
|
Size:
|
16384
|
|
7FF566847000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.699513130.00007FF566847000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566847000
|
Size:
|
8192
|
|
2E54000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.950558231.0000000002E54000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E54000
|
Size:
|
28672
|
|
8C61DBE000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.660632572.0000008C61DBE000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
8C61DBE000
|
Size:
|
8192
|
|
7FF566690000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.696206636.00007FF566690000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566690000
|
Size:
|
20480
|
|
7FF56632D000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.695187658.00007FF56632D000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF56632D000
|
Size:
|
4096
|
|
2DD3000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922123009.0000000002DD3000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DD3000
|
Size:
|
12288
|
|
30B0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.932674972.00000000030B0000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
30B0000
|
Size:
|
303104
|
Signature Hits: May try to detect the Windows Explorer process (often used for injection)
Behavior Group: HIPS / PFW / Operating System Protection Evasion
Mitre Attack: (no technique listed for this hit)
|
|
231A6B13000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.682231447.00000231A6B13000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A6B13000
|
Size:
|
8192
|
|
2E41000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915491187.0000000002E41000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E41000
|
Size:
|
12288
|
|
2DE1000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916389780.0000000002DE1000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DE1000
|
Size:
|
16384
|
|
2E62000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.924603044.0000000002E62000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E62000
|
Size:
|
12288
|
|
2DF6000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915474060.0000000002DF6000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DF6000
|
Size:
|
16384
|
|
6D0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.921960238.00000000006D0000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
6D0000
|
Size:
|
16384
|
|
7FF566B14000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.726774493.00007FF566B14000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566B14000
|
Size:
|
4096
|
|
2CA0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915328905.0000000002CA0000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2CA0000
|
Size:
|
8192
|
|
2E68000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.921203783.0000000002E68000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E68000
|
Size:
|
12288
|
|
231A6B08000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.681468932.00000231A6B08000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A6B08000
|
Size:
|
12288
|
|
2DDF000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922135431.0000000002DDF000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DDF000
|
Size:
|
4096
|
|
6D460000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000002.00000001.645172295.000000006D460000.00000002.00020000.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
image loaded
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D460000
|
Size:
|
4096
|
|
2DB9000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922091255.0000000002DB9000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DB9000
|
Size:
|
40960
|
|
7FF566A1D000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.703497858.00007FF566A1D000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566A1D000
|
Size:
|
20480
|
|
2DF6000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914775371.0000000002DF6000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DF6000
|
Size:
|
16384
|
|
2E73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.955582620.0000000002E73000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E73000
|
Size:
|
16384
|
|
7FF566B49000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.736017904.00007FF566B49000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566B49000
|
Size:
|
12288
|
|
1590000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000000.00000002.917213357.0000000001590000.00000004.00000020.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
1590000
|
Size:
|
36864
|
|
2E73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000000.644933054.0000000002E73000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process new
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E73000
|
Size:
|
16384
|
|
2D7A000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922029063.0000000002D7A000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D7A000
|
Size:
|
12288
|
|
7FF566BB4000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.739367408.00007FF566BB4000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566BB4000
|
Size:
|
20480
|
|
DE0000
|
heap private
|
page read and write
|
|
|
|
Name:
|
00000015.00000002.915272003.0000000000DE0000.00000004.00000040.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap private
|
Protect:
|
page read and write
|
Base address:
|
DE0000
|
Size:
|
20480
|
|
13E0000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000000.00000002.917207163.00000000013E0000.00000004.00000020.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
13E0000
|
Size:
|
20480
|
|
2DC7000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922107907.0000000002DC7000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DC7000
|
Size:
|
12288
|
|
DB000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000002.00000002.917075386.00000000000DB000.00000004.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
DB000
|
Size:
|
20480
|
|
6D55C000
|
unkown image
|
page read and write
|
|
|
|
Name:
|
0000000D.00000002.966190440.000000006D55C000.00000004.00020000.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page read and write
|
Base address:
|
6D55C000
|
Size:
|
4096
|
|
4E0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914533080.00000000004E0000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
4E0000
|
Size:
|
4096
|
|
2C06000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922004450.0000000002C06000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2C06000
|
Size:
|
4096
|
|
2D6C000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922018164.0000000002D6C000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D6C000
|
Size:
|
16384
|
|
F30000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000015.00000002.915294011.0000000000F30000.00000004.00000020.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
F30000
|
Size:
|
32768
|
|
6D460000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.948353319.000000006D460000.00000002.00020000.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D460000
|
Size:
|
4096
|
|
2D6C000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915343572.0000000002D6C000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D6C000
|
Size:
|
16384
|
|
BB5000
|
unkown
|
page read and write
|
|
|
|
Name:
|
0000000D.00000002.921895433.0000000000BB5000.00000004.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
BB5000
|
Size:
|
4096
|
|
2D73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922023885.0000000002D73000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D73000
|
Size:
|
4096
|
|
6D460000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.944569476.000000006D460000.00000002.00020000.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D460000
|
Size:
|
4096
|
|
8A0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914582698.00000000008A0000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
8A0000
|
Size:
|
32768
|
|
7FF566BC2000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000000.646201932.00007FF566BC2000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process new
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566BC2000
|
Size:
|
16384
|
|
12F0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000000.00000002.917191396.00000000012F0000.00000002.00000001.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
12F0000
|
Size:
|
4096
|
|
2DD3000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922102970.0000000002DD3000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DD3000
|
Size:
|
12288
|
|
2DC7000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922080604.0000000002DC7000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DC7000
|
Size:
|
12288
|
|
7FF566AD5000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.711870787.00007FF566AD5000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566AD5000
|
Size:
|
12288
|
|
2E41000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.916666419.0000000002E41000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E41000
|
Size:
|
12288
|
|
2DCF000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916364521.0000000002DCF000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DCF000
|
Size:
|
8192
|
|
2DF6000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922129764.0000000002DF6000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DF6000
|
Size:
|
16384
|
|
2DAC000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914680786.0000000002DAC000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DAC000
|
Size:
|
8192
|
|
7FF566AE7000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.717885239.00007FF566AE7000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566AE7000
|
Size:
|
49152
|
|
2E54000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916428600.0000000002E54000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E54000
|
Size:
|
28672
|
|
2E73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.931100725.0000000002E73000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E73000
|
Size:
|
16384
|
|
2DF2000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916394519.0000000002DF2000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DF2000
|
Size:
|
8192
|
|
2DDA000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.936291821.0000000002DDA000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DDA000
|
Size:
|
16384
|
|
8AC000
|
unkown
|
page read and write
|
|
|
|
Name:
|
0000000D.00000002.916771700.00000000008AC000.00000004.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
8AC000
|
Size:
|
16384
|
|
2DAC000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916323859.0000000002DAC000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DAC000
|
Size:
|
8192
|
|
2DFB000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.943559362.0000000002DFB000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DFB000
|
Size:
|
49152
|
|
3580000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.925008620.0000000003580000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
3580000
|
Size:
|
32768
|
|
2D9C000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916314401.0000000002D9C000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D9C000
|
Size:
|
12288
|
|
2D6C000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914623245.0000000002D6C000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D6C000
|
Size:
|
16384
|
|
231A6990000
|
heap private
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.663583167.00000231A6990000.00000004.00000040.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap private
|
Protect:
|
page read and write
|
Base address:
|
231A6990000
|
Size:
|
4096
|
|
2D7A000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.917288070.0000000002D7A000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D7A000
|
Size:
|
12288
|
|
231A6B02000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.678117848.00000231A6B02000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A6B02000
|
Size:
|
16384
|
|
231A69F0000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.663732148.00000231A69F0000.00000004.00000020.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
231A69F0000
|
Size:
|
8192
|
|
2DFB000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922163302.0000000002DFB000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DFB000
|
Size:
|
49152
|
|
6D55C000
|
unkown image
|
page read and write
|
|
|
|
Name:
|
00000003.00000002.966588793.000000006D55C000.00000004.00020000.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page read and write
|
Base address:
|
6D55C000
|
Size:
|
4096
|
|
6D55C000
|
unkown image
|
page read and write
|
|
|
|
Name:
|
00000015.00000002.921362657.000000006D55C000.00000004.00020000.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page read and write
|
Base address:
|
6D55C000
|
Size:
|
4096
|
|
2DC5000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.930296670.0000000002DC5000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DC5000
|
Size:
|
4096
|
|
2DCD000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922113910.0000000002DCD000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DCD000
|
Size:
|
4096
|
|
2E62000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.928220295.0000000002E62000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E62000
|
Size:
|
12288
|
|
2D69000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922013045.0000000002D69000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D69000
|
Size:
|
8192
|
|
2E45000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.923598963.0000000002E45000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E45000
|
Size:
|
32768
|
|
1E0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.917119584.00000000001E0000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
1E0000
|
Size:
|
4096
|
|
7FF566B2F000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.730525200.00007FF566B2F000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566B2F000
|
Size:
|
8192
|
|
8C6227B000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.661434540.0000008C6227B000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
8C6227B000
|
Size:
|
20480
|
|
6D460000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D460000
|
Size:
|
4096
|
|
7FF566B1A000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.727385539.00007FF566B1A000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566B1A000
|
Size:
|
20480
|
|
2DF6000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922157617.0000000002DF6000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DF6000
|
Size:
|
16384
|
|
2DCD000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915431469.0000000002DCD000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DCD000
|
Size:
|
4096
|
|
6D545000
|
unkown image
|
page read and write
|
|
|
|
Name:
|
00000015.00000002.921353808.000000006D545000.00000004.00020000.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page read and write
|
Base address:
|
6D545000
|
Size:
|
28672
|
|
30B0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.926412748.00000000030B0000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
30B0000
|
Size:
|
32768
|
|
2CA0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922028449.0000000002CA0000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2CA0000
|
Size:
|
8192
|
|
970000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.921863361.0000000000970000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
970000
|
Size:
|
16384
|
|
231A7740000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.695034218.00000231A7740000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
231A7740000
|
Size:
|
1269760
|
|
6D55D000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.921366661.000000006D55D000.00000002.00020000.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D55D000
|
Size:
|
28672
|
|
2DC7000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916351203.0000000002DC7000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DC7000
|
Size:
|
12288
|
|
8C6207E000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.661032089.0000008C6207E000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
8C6207E000
|
Size:
|
8192
|
|
7FF5669CB000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.702307850.00007FF5669CB000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF5669CB000
|
Size:
|
8192
|
|
6D4EA000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp
|
TargetID:
|
0
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D4EA000
|
Size:
|
372736
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
6C0000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000002.00000002.917252402.00000000006C0000.00000002.00000001.sdmp
|
TargetID:
|
2
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
6C0000
|
Size:
|
32768
|
|
2DE1000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922118834.0000000002DE1000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DE1000
|
Size:
|
16384
|
|
8EB000
|
unkown
|
page read and write
|
|
|
|
Name:
|
0000000D.00000002.919278356.00000000008EB000.00000004.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
8EB000
|
Size:
|
20480
|
|
231A7150000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.694654220.00000231A7150000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
231A7150000
|
Size:
|
4096
|
|
2E62000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.922172655.0000000002E62000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E62000
|
Size:
|
12288
|
|
5A0000
|
heap private
|
page read and write
|
|
|
|
Name:
|
00000018.00000002.914536540.00000000005A0000.00000004.00000040.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap private
|
Protect:
|
page read and write
|
Base address:
|
5A0000
|
Size:
|
20480
|
|
32C0000
|
heap default
|
page read and write
|
|
|
|
Name:
|
00000010.00000002.916580603.00000000032C0000.00000004.00000020.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
heap default
|
Protect:
|
page read and write
|
Base address:
|
32C0000
|
Size:
|
20480
|
|
2DC5000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.914711388.0000000002DC5000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2DC5000
|
Size:
|
4096
|
|
221000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000018.00000002.914437941.0000000000221000.00000004.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
221000
|
Size:
|
4096
|
|
2D7A000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915363770.0000000002D7A000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D7A000
|
Size:
|
12288
|
|
2E45000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.918876718.0000000002E45000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E45000
|
Size:
|
32768
|
|
2E68000
|
unkown
|
page readonly
|
|
|
|
Name:
|
0000000D.00000002.923407228.0000000002E68000.00000002.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E68000
|
Size:
|
12288
|
|
6D460000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.943161305.000000006D460000.00000002.00020000.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D460000
|
Size:
|
4096
|
|
6D55D000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.964992087.000000006D55D000.00000002.00020000.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D55D000
|
Size:
|
28672
|
|
2C06000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000003.00000002.922023442.0000000002C06000.00000002.00000001.sdmp
|
TargetID:
|
3
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2C06000
|
Size:
|
4096
|
|
950000
|
unkown
|
page read and write
|
|
|
|
Name:
|
0000000D.00000002.921856401.0000000000950000.00000004.00000001.sdmp
|
TargetID:
|
13
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
950000
|
Size:
|
4096
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000010.00000002.916547259.0000000003210000.00000004.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
3210000
|
Size:
|
4096
|
|
6D460000
|
unkown image
|
page readonly
|
|
|
|
Name:
|
00000018.00000001.689871386.000000006D460000.00000002.00020000.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
image loaded
|
Regiontype:
|
unkown image
|
Protect:
|
page readonly
|
Base address:
|
6D460000
|
Size:
|
4096
|
|
2E54000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.921187043.0000000002E54000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E54000
|
Size:
|
28672
|
|
8C625FE000
|
unkown
|
page read and write
|
|
|
|
Name:
|
00000005.00000002.663377345.0000008C625FE000.00000004.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page read and write
|
Base address:
|
8C625FE000
|
Size:
|
8192
|
|
2E73000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000010.00000002.916450622.0000000002E73000.00000002.00000001.sdmp
|
TargetID:
|
16
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E73000
|
Size:
|
16384
|
|
2E54000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000018.00000002.922392420.0000000002E54000.00000002.00000001.sdmp
|
TargetID:
|
24
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2E54000
|
Size:
|
28672
|
|
2D69000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000015.00000002.915335779.0000000002D69000.00000002.00000001.sdmp
|
TargetID:
|
21
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
2D69000
|
Size:
|
8192
|
|
7FF566B38000
|
unkown
|
page readonly
|
|
|
|
Name:
|
00000005.00000002.731730266.00007FF566B38000.00000002.00000001.sdmp
|
TargetID:
|
5
|
Dumpstage:
|
process exit
|
Regiontype:
|
unkown
|
Protect:
|
page readonly
|
Base address:
|
7FF566B38000
|
Size:
|
12288
|
|