Automated Malware Analysis IOC Report for

Details

Name:	00000009.00000002.2205013138.0000000002131000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2131000
Size:	106496

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM_3	Malware Analysis System Evasion,
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion,	Security Software Discovery
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion,	Security Software Discovery
Urls found in memory or binary data	Networking,

Details

Name:	00000008.00000002.2379743753.0000000000402000.00000040.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	402000
Size:	118784

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary,
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary,

Details

Name:	0000000C.00000002.2217649991.0000000003239000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3239000
Size:	491520

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary,
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary,

Details

Name:	00000009.00000002.2205048820.0000000002164000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2164000
Size:	1900544

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM_3	Malware Analysis System Evasion,

Details

Name:	00000004.00000002.2170837630.000000000367A000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	367A000
Size:	495616

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary,
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary,

Details

Name:	00000004.00000002.2169962505.00000000023C1000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	23C1000
Size:	110592

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM_3	Malware Analysis System Evasion,
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion,	Security Software Discovery
Urls found in memory or binary data	Networking,

Details

Name:	00000009.00000002.2205759435.00000000033EA000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	33EA000
Size:	495616

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary,
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary,

Details

Name:	00000009.00000002.2205386626.0000000003139000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3139000
Size:	2732032

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary,
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary,

Details

Name:	0000000C.00000002.2217307442.0000000000402000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	402000
Size:	118784

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary,
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary,

Details

Name:	00000008.00000002.2379798329.0000000000530000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	530000
Size:	102400

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary,
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Installs a raw input device (often for capturing keystrokes)	Key, Mouse, Clipboard, Microphone and Screen Capturing,	Input Capture
Yara signature match	System Summary,

Details

Name:	00000004.00000002.2170026824.0000000002400000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2400000
Size:	1867776

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM_3	Malware Analysis System Evasion,

Details

Name:	0000000C.00000002.2217597848.0000000002231000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2231000
Size:	229376

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary,
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary,

Details

Name:	00000008.00000002.2380016596.00000000020B1000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20B1000
Size:	327680

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality

Details

Name:	00000008.00000002.2380561005.00000000030F9000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	30F9000
Size:	229376

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary,
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary,

Details

Name:	00000004.00000002.2170352456.00000000033C9000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	33C9000
Size:	2732032

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary,
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary,

Details

Name:	00000007.00000000.2167623786.00000000107BE000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	107BE000
Size:	16384

Details

Name:	00000004.00000002.2169952830.00000000023BE000.00000104.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	23BE000
Size:	4096

Details

Name:	00000004.00000002.2169398716.0000000000218000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	218000
Size:	4096

Details

Name:	00000004.00000002.2169695857.00000000008E1000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	8E1000
Size:	61440

Details

Name:	00000007.00000000.2167615838.00000000107A8000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	107A8000
Size:	4096

Details

Name:	00000009.00000002.2209537252.000000007EFDF000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	00000008.00000002.2379782480.0000000000488000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	488000
Size:	8192

Details

Name:	00000009.00000002.2207247279.0000000004CA0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4CA0000
Size:	4096

Details

Name:	00000008.00000002.2381080765.000000000476F000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	476F000
Size:	4096

Details

Name:	00000008.00000002.2379818224.0000000000570000.00000040.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	570000
Size:	4096

Details

Name:	00000008.00000003.2171297343.00000000003F0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F0000
Size:	28672

Details

Name:	0000000C.00000002.2217235718.0000000000150000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	150000
Size:	16384

Details

Name:	00000008.00000002.2379666428.0000000000207000.00000004.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	207000
Size:	4096

Details

Name:	00000009.00000003.2199417333.0000000000510000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	510000
Size:	65536

Details

Name:	00000004.00000003.2163891931.0000000000530000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	530000
Size:	4096

Details

Name:	00000004.00000002.2169355864.0000000000172000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	172000
Size:	45056

Details

Name:	00000009.00000003.2200571221.00000000057D0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	57D0000
Size:	4096

Details

Name:	0000000C.00000003.2217125793.00000000008A0000.00000040.00000040.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	8A0000
Size:	4096

Details

Name:	00000004.00000002.2169489989.0000000000430000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	430000
Size:	40960

Details

Name:	00000004.00000003.2169053664.00000000020A0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	20A0000
Size:	4096

Details

Name:	00000004.00000003.2169109390.0000000004840000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4840000
Size:	425984

Details

Name:	00000004.00000002.2169386611.000000000019B000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	19B000
Size:	4096

Details

Name:	00000004.00000002.2169743745.0000000000922000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	922000
Size:	122880

Details

Name:	00000008.00000003.2170102963.00000000003F0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F0000
Size:	4096

Details

Name:	00000008.00000003.2169928957.00000000003E0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	16384

Details

Name:	00000009.00000002.2204739800.0000000000570000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	570000
Size:	12288

Details

Name:	00000004.00000002.2169403381.00000000002B0000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2B0000
Size:	61440

Details

Name:	00000008.00000002.2379660754.0000000000200000.00000004.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	200000
Size:	16384

Details

Name:	00000004.00000002.2170011365.00000000023F3000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	23F3000
Size:	4096

Details

Name:	00000008.00000002.2379646597.00000000001F0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	24576

Details

Name:	00000004.00000002.2174898586.00000000050E0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	50E0000
Size:	421888

Details

Name:	00000009.00000002.2204709923.0000000000500000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	500000
Size:	16384

Details

Name:	00000008.00000003.2169946369.00000000003E6000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E6000
Size:	8192

Details

Name:	00000009.00000002.2209399153.00000000060CE000.00000104.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	60CE000
Size:	4096

Details

Name:	0000000C.00000002.2217578415.0000000002194000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2194000
Size:	4096

Details

Name:	00000004.00000002.2169349027.000000000016D000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	16D000
Size:	4096

Details

Name:	00000008.00000002.2379944815.0000000000AD0000.00000002.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	AD0000
Size:	376832

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion,	Process Injection Process Discovery

Details

Name:	00000009.00000002.2204822221.0000000000626000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	626000
Size:	8192

Details

Name:	0000000C.00000003.2205030570.0000000000670000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	16384

Details

Name:	0000000C.00000002.2218253924.00000000048F0000.00000002.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	48F0000
Size:	2957312

Details

Name:	00000008.00000000.2168463940.00000000107BE000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	107BE000
Size:	16384

Details

Name:	00000009.00000003.2200560644.00000000057D0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	57D0000
Size:	4096

Details

Name:	00000004.00000002.2180609278.000000000578E000.00000004.00000010.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	578E000
Size:	8192

Details

Name:	0000000C.00000002.2217475257.000000000059E000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	59E000
Size:	8192

Details

Name:	00000009.00000003.2199589979.00000000006FC000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6FC000
Size:	16384

Details

Name:	00000009.00000002.2209520289.000000001010E000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	1010E000
Size:	16384

Details

Name:	00000008.00000002.2379729598.00000000003F0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3F0000
Size:	40960

Details

Name:	0000000C.00000003.2204868604.0000000000670000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	40960

Details

Name:	00000008.00000002.2379928965.000000000090B000.00000004.00000020.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	90B000
Size:	73728

Details

Name:	00000004.00000003.2163648527.0000000000530000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	530000
Size:	65536

Details

Name:	00000009.00000001.2198416719.0000000010050000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	10050000
Size:	4096

Details

Name:	00000004.00000003.2163708135.0000000002020000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2020000
Size:	65536

Details

Name:	00000004.00000002.2169709062.00000000008F1000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	8F1000
Size:	167936

Details

Name:	00000004.00000002.2169513353.00000000004CE000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4CE000
Size:	8192

Details

Name:	00000004.00000002.2169844014.00000000021C0000.00000040.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	21C0000
Size:	4096

Details

Name:	00000009.00000002.2204980512.00000000008F0000.00000002.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	8F0000
Size:	24576

Details

Name:	00000004.00000002.2173636715.0000000004D10000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4D10000
Size:	4096

Details

Name:	00000008.00000002.2379889817.000000000088C000.00000004.00000020.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	88C000
Size:	516096

Details

Name:	00000004.00000002.2169389500.000000000020A000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20A000
Size:	24576

Details

Name:	00000004.00000000.2162021687.00000000107A8000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	107A8000
Size:	4096

Details

Name:	00000004.00000002.2169574202.00000000005E0000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5E0000
Size:	61440

Details

Name:	00000009.00000002.2209367459.00000000058DE000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	58DE000
Size:	8192

Details

Name:	0000000C.00000002.2218641337.000000000518F000.00000004.00000010.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	518F000
Size:	4096

Details

Name:	00000004.00000002.2169564586.00000000005A2000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	5A2000
Size:	8192

Details

Name:	0000000C.00000002.2217275166.000000000020A000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	20A000
Size:	4096

Details

Name:	00000008.00000002.2381110469.000000000489F000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	489F000
Size:	4096

Details

Name:	00000008.00000003.2171323053.00000000003F6000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F6000
Size:	8192

Details

Name:	00000004.00000000.2162025451.00000000107AB000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	107AB000
Size:	8192

Details

Name:	00000004.00000002.2169556676.0000000000580000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	580000
Size:	4096

Details

Name:	00000008.00000003.2171734939.0000000000560000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	560000
Size:	65536

Details

Name:	0000000C.00000002.2217584318.00000000021B2000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	21B2000
Size:	12288

Details

Name:	00000009.00000003.2199505557.00000000007B0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7B0000
Size:	65536

Details

Name:	00000009.00000002.2206442258.0000000004840000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4840000
Size:	4096

Details

Name:	00000009.00000002.2209383117.0000000005BDE000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5BDE000
Size:	8192

Details

Name:	00000009.00000002.2204577292.0000000000210000.00000002.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	210000
Size:	421888

Details

Name:	00000004.00000002.2172039383.00000000048E0000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	48E0000
Size:	8192

Details

Name:	00000008.00000003.2169739172.00000000003E0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	20480

Details

Name:	0000000C.00000002.2218731581.00000000100FB000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	100FB000
Size:	8192

Details

Name:	00000008.00000002.2382692453.0000000005AA0000.00000008.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page write copy
Base address:	5AA0000
Size:	786432

Details

Name:	00000009.00000002.2209403344.00000000060CF000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	60CF000
Size:	4096

Details

Name:	00000009.00000003.2199583592.00000000006F0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6F0000
Size:	32768

Details

Name:	0000000C.00000002.2217271666.0000000000207000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	207000
Size:	4096

Details

Name:	00000009.00000002.2204695736.00000000004B0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4B0000
Size:	16384

Details

Name:	00000009.00000002.2206854650.0000000004BE0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4BE0000
Size:	421888

Details

Name:	00000008.00000002.2379718245.00000000003C0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3C0000
Size:	8192

Details

Name:	0000000C.00000002.2217549426.0000000000875000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	875000
Size:	36864

Details

Name:	00000008.00000002.2383366347.00000000107AB000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	107AB000
Size:	8192

Details

Name:	0000000C.00000002.2217348603.0000000000450000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	450000
Size:	65536

Details

Name:	0000000C.00000003.2204676622.00000000005A0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5A0000
Size:	28672

Details

Name:	00000008.00000002.2381238511.0000000004950000.00000002.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	4950000
Size:	2957312

Details

Name:	00000007.00000002.2167692324.0000000010702000.00000020.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	10702000
Size:	679936

Details

Name:	00000008.00000003.2170083683.00000000003F0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F0000
Size:	65536

Details

Name:	0000000C.00000002.2217569888.000000000212F000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	212F000
Size:	4096

Details

Name:	00000008.00000003.2169375274.0000000000250000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250000
Size:	28672

Details

Name:	00000009.00000002.2209508348.00000000100FB000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	100FB000
Size:	8192

Details

Name:	00000009.00000002.2204830383.0000000000630000.00000002.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	630000
Size:	401408

Details

Name:	00000008.00000002.2381935211.000000000506F000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	506F000
Size:	4096

Details

Name:	00000008.00000002.2380747692.0000000004310000.00000002.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	4310000
Size:	2945024

Details

Name:	0000000C.00000002.2218624309.0000000004D70000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4D70000
Size:	8192

Details

Name:	0000000C.00000002.2217401615.00000000004A0000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4A0000
Size:	12288

Details

Name:	00000004.00000002.2173678492.0000000004D2D000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4D2D000
Size:	8192

Details

Name:	00000008.00000003.2172359272.00000000005D0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5D0000
Size:	12288

Details

Name:	00000004.00000003.2164956326.0000000005540000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5540000
Size:	4096

Details

Name:	00000008.00000002.2379737240.0000000000400000.00000040.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	400000
Size:	4096

Details

Name:	00000009.00000002.2204713949.0000000000520000.00000002.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	520000
Size:	8192

Details

Name:	00000008.00000003.2169875931.00000000003F0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F0000
Size:	65536

Details

Name:	00000009.00000002.2204552623.00000000000FD000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	FD000
Size:	4096

Details

Name:	00000009.00000002.2206258986.00000000046C0000.00000002.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	46C0000
Size:	913408

Details

Name:	00000009.00000002.2205864916.00000000043F0000.00000002.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	43F0000
Size:	2945024

Details

Name:	00000008.00000002.2382084526.0000000005280000.00000002.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	5280000
Size:	4112384

Signature Hits	Behavior Group	Mitre Attack
Urls found in memory or binary data	Networking,

Details

Name:	00000008.00000002.2382914608.0000000005F2E000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5F2E000
Size:	8192

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion,	Process Injection Process Discovery

Details

Name:	00000008.00000003.2171308393.00000000003F0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F0000
Size:	20480

Details

Name:	00000008.00000003.2180117692.00000000005D0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5D0000
Size:	32768

Details

Name:	00000009.00000003.2199664040.0000000000510000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	510000
Size:	45056

Details

Name:	00000009.00000002.2204645465.00000000002C8000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2C8000
Size:	4096

Details

Name:	00000008.00000000.2168451757.00000000107AB000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	107AB000
Size:	8192

Details

Name:	0000000C.00000002.2217643001.0000000003231000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3231000
Size:	24576

Details

Name:	00000008.00000003.2169979692.00000000003E8000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E8000
Size:	16384

Details

Name:	00000008.00000003.2172140921.00000000005D0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5D0000
Size:	8192

Details

Name:	00000009.00000002.2204730487.0000000000554000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	554000
Size:	110592

Details

Name:	00000004.00000002.2180898769.000000007EFDF000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	0000000C.00000002.2218618176.0000000004D4E000.00000004.00000010.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	4D4E000
Size:	8192

Details

Name:	00000008.00000003.2169425436.0000000000250000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250000
Size:	20480

Details

Name:	00000009.00000002.2204922856.000000000081E000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	81E000
Size:	8192

Details

Name:	00000004.00000002.2169434478.00000000002E0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2E0000
Size:	65536

Details

Name:	00000009.00000002.2204631583.000000000028A000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	28A000
Size:	4096

Details

Name:	00000008.00000002.2380544856.00000000030B1000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	30B1000
Size:	28672

Details

Name:	00000008.00000002.2381223651.0000000004932000.00000004.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4932000
Size:	16384

Details

Name:	00000008.00000002.2379589340.0000000000130000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	130000
Size:	53248

Details

Name:	00000008.00000002.2382954157.000000000620E000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	620E000
Size:	8192

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion,	Process Injection Process Discovery

Details

Name:	00000009.00000002.2204934176.00000000008E0000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	8E0000
Size:	24576

Details

Name:	0000000C.00000003.2204692643.00000000005A5000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5A5000
Size:	8192

Details

Name:	00000004.00000002.2169520306.000000000050C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	50C000
Size:	16384

Details

Name:	00000004.00000002.2169596400.00000000007E0000.00000002.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7E0000
Size:	12288

Details

Name:	0000000C.00000002.2217368429.0000000000460000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	460000
Size:	16384

Details

Name:	00000008.00000002.2383353021.00000000107A8000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	107A8000
Size:	4096

Details

Name:	00000004.00000002.2172080589.0000000004A2E000.00000004.00000010.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	4A2E000
Size:	8192

Details

Name:	00000009.00000002.2209387857.0000000005CFE000.00000004.00000010.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	5CFE000
Size:	8192

Details

Name:	00000008.00000003.2171844874.0000000000560000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	560000
Size:	28672

Details

Name:	00000008.00000003.2172030246.0000000000560000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	560000
Size:	4096

Details

Name:	00000004.00000002.2169545796.0000000000529000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	529000
Size:	28672

Details

Name:	00000008.00000003.2171838178.0000000000560000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	560000
Size:	16384

Details

Name:	00000004.00000002.2169606177.00000000007F0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7F0000
Size:	8192

Details

Name:	00000009.00000000.2198257280.0000000010052000.00000020.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	10052000
Size:	679936

Details

Name:	00000004.00000003.2166830297.00000000020B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	20B0000
Size:	65536

Details

Name:	0000000C.00000002.2218629302.0000000004F1E000.00000004.00000010.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	4F1E000
Size:	8192

Details

Name:	00000008.00000002.2382066418.000000000527C000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	527C000
Size:	16384

Details

Name:	00000004.00000002.2169738792.000000000091B000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	91B000
Size:	16384

Details

Name:	00000008.00000003.2171271444.0000000000520000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	520000
Size:	12288

Details

Name:	00000009.00000000.2198347773.00000000100F8000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	100F8000
Size:	4096

Details

Name:	00000009.00000003.2199555241.0000000000720000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	720000
Size:	65536

Details

Name:	0000000C.00000003.2204683819.00000000005A0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5A0000
Size:	16384

Details

Name:	0000000C.00000002.2218146419.0000000004810000.00000002.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	4810000
Size:	913408

Details

Name:	0000000C.00000002.2217535323.000000000084E000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	84E000
Size:	8192

Details

Name:	0000000C.00000002.2217574439.0000000002190000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2190000
Size:	4096

Details

Name:	0000000C.00000002.2217408232.00000000004AD000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4AD000
Size:	376832

Details

Name:	00000004.00000002.2169770914.0000000002030000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2030000
Size:	4096

Details

Name:	00000004.00000003.2163766366.0000000001ED0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1ED0000
Size:	65536

Details

Name:	00000008.00000002.2379569361.0000000000110000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	110000
Size:	8192

Details

Name:	00000009.00000002.2206435852.000000000483C000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	483C000
Size:	16384

Details

Name:	00000004.00000003.2163815449.0000000000570000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	570000
Size:	65536

Details

Name:	00000004.00000002.2180881188.00000000107BE000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	107BE000
Size:	16384

Details

Name:	00000009.00000000.2198371250.000000001010E000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1010E000
Size:	16384

Details

Name:	00000009.00000002.2207681521.0000000004F80000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4F80000
Size:	561152

Details

Name:	00000008.00000003.2170096540.0000000000520000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	520000
Size:	8192

Details

Name:	00000009.00000002.2209348003.00000000056BE000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	56BE000
Size:	8192

Details

Name:	00000004.00000001.2162162416.0000000010700000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	10700000
Size:	4096

Details

Name:	00000008.00000002.2382014646.000000000511E000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	511E000
Size:	8192

Details

Name:	00000004.00000002.2169383191.0000000000197000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	197000
Size:	4096

Details

Name:	00000004.00000003.2169228395.00000000000F0000.00000040.00000040.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	F0000
Size:	4096

Details

Name:	00000008.00000002.2379762972.0000000000422000.00000040.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	422000
Size:	90112

Details

Name:	00000004.00000000.2162029524.00000000107BC000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	107BC000
Size:	4096

Details

Name:	00000004.00000002.2169622602.0000000000847000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	847000
Size:	8192

Details

Name:	00000004.00000002.2173881268.0000000004FE0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4FE0000
Size:	446464

Details

Name:	00000008.00000002.2379809109.0000000000550000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	550000
Size:	12288

Details

Name:	00000004.00000002.2169502492.000000000047E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	47E000
Size:	8192

Details

Name:	0000000C.00000002.2217375115.0000000000467000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	467000
Size:	4096

Details

Name:	00000009.00000002.2204927650.0000000000890000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	890000
Size:	4096

Details

Name:	00000008.00000003.2169676028.00000000003E0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	40960

Details

Name:	0000000C.00000002.2217180218.0000000000080000.00000002.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	80000
Size:	421888

Details

Name:	00000008.00000002.2382637071.000000000574E000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	574E000
Size:	8192

Details

Name:	0000000C.00000003.2205035354.0000000000676000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	676000
Size:	8192

Details

Name:	00000009.00000002.2204826507.000000000062B000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	62B000
Size:	20480

Details

Name:	00000009.00000002.2204908307.0000000000740000.00000002.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	740000
Size:	16384

Details

Name:	00000008.00000002.2379813557.0000000000560000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	560000
Size:	16384

Details

Name:	0000000C.00000002.2217511271.0000000000690000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	690000
Size:	12288

Details

Name:	00000008.00000001.2168991937.0000000010700000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	10700000
Size:	4096

Details

Name:	00000008.00000003.2171920058.0000000000550000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	550000
Size:	24576

Details

Name:	00000008.00000002.2380040977.0000000002102000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2102000
Size:	913408

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion,	Process Injection Process Discovery

Details

Name:	00000004.00000002.2169353271.0000000000170000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	170000
Size:	4096

Details

Name:	0000000C.00000002.2217283261.000000000021B000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	21B000
Size:	4096

Details

Name:	00000008.00000000.2168445867.00000000107A8000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	107A8000
Size:	4096

Details

Name:	00000004.00000003.2162754019.00000000002E0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2E0000
Size:	24576

Details

Name:	0000000C.00000002.2217251124.00000000001E4000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1E4000
Size:	4096

Details

Name:	0000000C.00000002.2218649835.0000000010050000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	10050000
Size:	4096

Details

Name:	00000004.00000003.2163789980.00000000005D0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5D0000
Size:	65536

Details

Name:	00000004.00000002.2180603776.000000000565E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	565E000
Size:	8192

Details

Name:	00000004.00000002.2169346320.0000000000164000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	164000
Size:	4096

Details

Name:	00000008.00000003.2171428457.0000000000520000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	520000
Size:	40960

Details

Name:	00000008.00000003.2169389170.0000000000255000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	255000
Size:	8192

Details

Name:	00000009.00000002.2204542040.00000000000E0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	E0000
Size:	8192

Details

Name:	00000004.00000002.2172025394.00000000047C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	47C0000
Size:	4096

Details

Name:	00000008.00000003.2171512146.0000000000530000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	530000
Size:	40960

Details

Name:	00000008.00000002.2379999023.0000000001F0E000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0E000
Size:	8192

Details

Name:	00000009.00000003.2199407947.0000000000520000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	520000
Size:	8192

Details

Name:	00000009.00000003.2199595356.00000000006A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6A0000
Size:	65536

Details

Name:	00000008.00000002.2381911950.0000000004FFE000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4FFE000
Size:	8192

Details

Name:	00000009.00000002.2204655277.00000000003F0000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	3F0000
Size:	57344

Details

Name:	0000000C.00000002.2218725661.00000000100F8000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	100F8000
Size:	4096

Details

Name:	00000008.00000002.2379882592.0000000000880000.00000004.00000020.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	880000
Size:	45056

Details

Name:	00000004.00000002.2169957718.00000000023BF000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	23BF000
Size:	4096

Details

Name:	00000009.00000002.2204818011.0000000000622000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	622000
Size:	8192

Details

Name:	00000008.00000003.2171261690.00000000003F5000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F5000
Size:	8192

Details

Name:	00000004.00000000.2161935329.0000000010700000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	10700000
Size:	4096

Details

Name:	00000004.00000002.2169946727.00000000022BE000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	22BE000
Size:	8192

Details

Name:	0000000C.00000002.2217246728.00000000001E3000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	1E3000
Size:	4096

Details

Name:	00000004.00000003.2166840866.00000000020A0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	20A0000
Size:	65536

Details

Name:	00000008.00000002.2381071995.000000000464F000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	464F000
Size:	4096

Details

Name:	00000008.00000002.2379701894.0000000000270000.00000002.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	270000
Size:	8192

Details

Name:	00000009.00000002.2209500213.00000000100F8000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	100F8000
Size:	4096

Details

Name:	00000008.00000002.2380627018.0000000003930000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3930000
Size:	167936

Details

Name:	00000004.00000002.2170016886.00000000023F5000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	23F5000
Size:	40960

Details

Name:	00000004.00000002.2169642419.000000000088A000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	88A000
Size:	4096

Details

Name:	0000000C.00000000.2203772415.00000000100F8000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	100F8000
Size:	4096

Details

Name:	00000008.00000003.2171813623.0000000000550000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	550000
Size:	16384

Details

Name:	00000009.00000003.2199514713.00000000007A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7A0000
Size:	65536

Details

Name:	00000004.00000002.2169290206.0000000000080000.00000002.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	80000
Size:	421888

Details

Name:	00000004.00000002.2169552526.0000000000540000.00000002.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	540000
Size:	8192

Details

Name:	00000008.00000002.2380012195.00000000020AF000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20AF000
Size:	4096

Details

Name:	00000004.00000002.2169537879.0000000000520000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	520000
Size:	24576

Details

Name:	00000009.00000003.2199633314.0000000000510000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	510000
Size:	4096

Details

Name:	0000000C.00000000.2203783576.000000001010E000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1010E000
Size:	16384

Details

Name:	00000008.00000002.2379612524.0000000000150000.00000004.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	150000
Size:	20480

Details

Name:	00000004.00000003.2163834698.000000000056C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56C000
Size:	16384

Details

Name:	00000009.00000002.2204668381.0000000000410000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	410000
Size:	65536

Details

Name:	00000009.00000000.2198354213.00000000100FB000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	100FB000
Size:	8192

Details

Name:	00000008.00000002.2383412377.00000000107BE000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	107BE000
Size:	16384

Details

Name:	00000009.00000002.2204916274.00000000007C0000.00000002.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7C0000
Size:	16384

Details

Name:	0000000C.00000003.2205063572.0000000000678000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	678000
Size:	16384

Details

Name:	0000000C.00000002.2218757452.000000007EFDF000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	00000008.00000003.2169974885.00000000003E0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	28672

Details

Name:	00000009.00000002.2208099230.00000000050BE000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	50BE000
Size:	8192

Details

Name:	0000000C.00000000.2203708079.0000000010052000.00000020.00020000.sdmp
TargetID:	12
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	10052000
Size:	679936

Details

Name:	00000008.00000002.2382861279.0000000005D7E000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5D7E000
Size:	8192

Details

Name:	00000008.00000003.2169939777.00000000003E0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	16384

Details

Name:	00000009.00000002.2205853721.00000000042CF000.00000004.00000010.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	42CF000
Size:	4096

Details

Name:	00000008.00000003.2174765990.00000000005D0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5D0000
Size:	16384

Details

Name:	00000004.00000002.2171782864.0000000004690000.00000002.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	4690000
Size:	913408

Details

Name:	00000008.00000002.2379508881.0000000000080000.00000002.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	80000
Size:	421888

Details

Name:	00000008.00000003.2171637662.0000000000535000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	535000
Size:	8192

Details

Name:	0000000C.00000002.2217381165.0000000000484000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	484000
Size:	110592

Details

Name:	0000000C.00000002.2217591700.00000000021F0000.00000040.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	21F0000
Size:	4096

Details

Name:	00000008.00000003.2169788341.00000000003E0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	8192

Details

Name:	00000008.00000002.2379598288.000000000013D000.00000040.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	13D000
Size:	4096

Details

Name:	00000004.00000002.2180873133.00000000107AB000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	107AB000
Size:	8192

Details

Name:	00000004.00000002.2169368908.000000000017D000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	17D000
Size:	4096

Details

Name:	0000000C.00000002.2217484677.00000000005E0000.00000002.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	5E0000
Size:	8192

Details

Name:	00000004.00000003.2164970834.0000000005540000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5540000
Size:	4096

Details

Name:	00000004.00000002.2173778208.0000000004E50000.00000040.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	4E50000
Size:	4096

Details

Name:	00000009.00000002.2204705306.00000000004FD000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4FD000
Size:	12288

Details

Name:	00000009.00000002.2204555865.0000000000100000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	100000
Size:	4096

Details

Name:	00000004.00000002.2180681365.0000000010700000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	10700000
Size:	4096

Details

Name:	00000004.00000002.2170940305.00000000043C0000.00000002.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	43C0000
Size:	2945024

Details

Name:	00000008.00000002.2379563374.0000000000100000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	100000
Size:	4096

Details

Name:	00000009.00000003.2199535165.0000000000740000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	740000
Size:	65536

Details

Name:	00000004.00000002.2180652889.0000000005A8E000.00000004.00000010.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	5A8E000
Size:	8192

Details

Name:	00000004.00000002.2180878046.00000000107BC000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	107BC000
Size:	4096

Details

Name:	00000009.00000002.2204570330.0000000000207000.00000004.00000010.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	207000
Size:	36864

Details

Name:	0000000C.00000002.2217516187.0000000000710000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	710000
Size:	12288

Details

Name:	00000008.00000002.2380003677.0000000001F7D000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1F7D000
Size:	12288

Details

Name:	00000009.00000002.2204746658.000000000057D000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	57D000
Size:	126976

Details

Name:	00000007.00000002.2167688075.0000000010700000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	10700000
Size:	4096

Details

Name:	00000004.00000002.2180670176.0000000005E5E000.00000104.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	5E5E000
Size:	4096

Details

Name:	00000009.00000002.2204545700.00000000000F3000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	F3000
Size:	4096

Details

Name:	0000000C.00000002.2217255619.00000000001ED000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	1ED000
Size:	4096

Details

Name:	00000008.00000002.2379864194.0000000000847000.00000004.00000020.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	847000
Size:	8192

Details

Name:	00000008.00000002.2379827098.00000000005C0000.00000040.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	5C0000
Size:	12288

Details

Name:	00000004.00000003.2163851823.0000000000540000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	540000
Size:	65536

Details

Name:	00000009.00000003.2199564652.0000000000710000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	710000
Size:	65536

Details

Name:	00000009.00000002.2204726911.000000000053A000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	53A000
Size:	4096

Details

Name:	0000000C.00000003.2204954489.0000000000670000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	8192

Details

Name:	00000004.00000003.2163775663.00000000007F0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7F0000
Size:	65536

Details

Name:	00000009.00000003.2202899040.0000000002010000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2010000
Size:	65536

Details

Name:	00000008.00000003.2171457811.0000000000530000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	530000
Size:	28672

Details

Name:	0000000C.00000000.2203699468.0000000010050000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	10050000
Size:	4096

Details

Name:	0000000C.00000002.2217479909.00000000005DE000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5DE000
Size:	8192

Details

Name:	0000000C.00000003.2204897050.0000000000680000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	680000
Size:	57344

Details

Name:	00000008.00000002.2381893544.0000000004F50000.00000004.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4F50000
Size:	8192

Details

Name:	00000004.00000002.2180566055.0000000005540000.00000002.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	5540000
Size:	417792

Details

Name:	0000000C.00000002.2218613083.0000000004C1E000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4C1E000
Size:	8192

Details

Name:	00000004.00000002.2174813621.0000000005050000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5050000
Size:	40960

Details

Name:	0000000C.00000002.2217340786.0000000000440000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	440000
Size:	20480

Details

Name:	00000009.00000002.2204687127.0000000000460000.00000040.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	460000
Size:	4096

Details

Name:	00000009.00000002.2207635506.0000000004E20000.00000040.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	4E20000
Size:	4096

Details

Name:	00000009.00000002.2207228528.0000000004C90000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4C90000
Size:	8192

Details

Name:	00000008.00000003.2169869750.0000000000520000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	520000
Size:	8192

Details

Name:	00000008.00000003.2171956264.0000000000550000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	550000
Size:	20480

Details

Name:	00000004.00000002.2169425089.00000000002D0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2D0000
Size:	65536

Details

Name:	00000009.00000002.2204642323.000000000029B000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	29B000
Size:	4096

Details

Name:	0000000C.00000002.2217564481.0000000000A60000.00000002.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	A60000
Size:	12288

Details

Name:	00000004.00000002.2172017688.00000000047BC000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	47BC000
Size:	16384

Details

Name:	00000009.00000002.2204990194.0000000000A70000.00000002.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	A70000
Size:	12288

Details

Name:	00000009.00000002.2208140230.0000000005100000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	5100000
Size:	40960

Details

Name:	00000008.00000002.2379937916.000000000091E000.00000004.00000020.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	91E000
Size:	36864

Details

Name:	00000004.00000003.2163721308.0000000002010000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2010000
Size:	65536

Details

Name:	00000008.00000002.2382972488.000000000638E000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	638E000
Size:	8192

Details

Name:	00000009.00000002.2205859172.00000000043ED000.00000004.00000010.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	43ED000
Size:	12288

Details

Name:	00000009.00000003.2202891511.0000000002020000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2020000
Size:	24576

Details

Name:	00000004.00000003.2163733818.0000000002000000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2000000
Size:	65536

Details

Name:	00000004.00000002.2170317648.00000000033C1000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	33C1000
Size:	28672

Details

Name:	00000008.00000002.2379637169.00000000001E0000.00000040.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	1E0000
Size:	65536

Details

Name:	00000008.00000003.2171963689.0000000000556000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	556000
Size:	8192

Details

Name:	0000000C.00000002.2218655215.0000000010052000.00000020.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	10052000
Size:	679936

Details

Name:	00000008.00000002.2379711075.00000000003B6000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3B6000
Size:	40960

Details

Name:	00000004.00000003.2164094048.0000000000540000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	540000
Size:	16384

Details

Name:	00000008.00000003.2169745526.00000000003E6000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E6000
Size:	40960

Details

Name:	00000008.00000002.2379681348.0000000000240000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	240000
Size:	65536

Details

Name:	00000007.00000000.2167519953.0000000010700000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	10700000
Size:	4096

Details

Name:	00000008.00000003.2171828761.0000000000550000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	550000
Size:	49152

Details

Name:	00000008.00000003.2171664799.0000000000530000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	530000
Size:	20480

Details

Name:	00000008.00000002.2381844003.0000000004C6D000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4C6D000
Size:	12288

Details

Name:	00000008.00000002.2379630783.00000000001CA000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1CA000
Size:	24576

Details

Name:	00000008.00000002.2380128377.00000000021E2000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	21E2000
Size:	446464

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion,	Process Injection Process Discovery

Details

Name:	0000000C.00000002.2218644819.000000000536E000.00000004.00000010.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	536E000
Size:	8192

Details

Name:	00000008.00000002.2383392456.00000000107BC000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	107BC000
Size:	4096

Details

Name:	00000009.00000003.2199613423.0000000000510000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	510000
Size:	65536

Details

Name:	00000004.00000002.2169507212.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	12288

Details

Name:	00000009.00000002.2204628363.0000000000287000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	287000
Size:	4096

Details

Name:	00000009.00000002.2205812671.000000000417C000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	417C000
Size:	16384

Details

Name:	00000008.00000002.2380735478.00000000041EE000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	41EE000
Size:	8192

Details

Name:	00000004.00000000.2161943941.0000000010702000.00000020.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	10702000
Size:	679936

Details

Name:	00000004.00000002.2169339488.0000000000150000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	150000
Size:	8192

Details

Name:	00000008.00000002.2381948323.00000000050DD000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	50DD000
Size:	12288

Details

Name:	00000004.00000002.2169773977.0000000002070000.00000002.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2070000
Size:	196608

Details

Name:	00000007.00000001.2167681300.0000000010700000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	10700000
Size:	4096

Details

Name:	00000008.00000002.2379574723.0000000000123000.00000040.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	123000
Size:	4096

Details

Name:	00000004.00000002.2175017889.0000000005150000.00000002.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	5150000
Size:	4112384

Signature Hits	Behavior Group	Mitre Attack
Urls found in memory or binary data	Networking,

Details

Name:	0000000C.00000002.2217495659.0000000000610000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	610000
Size:	8192

Details

Name:	00000009.00000003.2202935527.00000000008D0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	8D0000
Size:	65536

Details

Name:	00000004.00000002.2169449674.00000000002F0000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2F0000
Size:	16384

Details

Name:	00000008.00000002.2380648955.00000000040B0000.00000002.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	40B0000
Size:	913408

Details

Name:	00000004.00000003.2163640261.0000000000540000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	540000
Size:	8192

Details

Name:	00000004.00000002.2180648612.000000000597E000.00000004.00000010.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	597E000
Size:	8192

Details

Name:	00000008.00000003.2169567400.00000000003E0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	4096

Details

Name:	00000009.00000000.2198251363.0000000010050000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	10050000
Size:	4096

Details

Name:	00000009.00000002.2204566273.000000000010D000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	10D000
Size:	4096

Details

Name:	00000004.00000002.2169827685.00000000021BF000.00000004.00000010.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	21BF000
Size:	4096

Details

Name:	00000004.00000002.2169584660.0000000000660000.00000002.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	660000
Size:	24576

Details

Name:	0000000C.00000002.2217267879.00000000001FD000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	1FD000
Size:	4096

Details

Name:	00000008.00000002.2379607932.000000000014A000.00000040.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	14A000
Size:	8192

Details

Name:	00000008.00000003.2171283084.0000000000525000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	525000
Size:	4096

Details

Name:	00000004.00000000.2162032585.00000000107BE000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	107BE000
Size:	16384

Details

Name:	00000008.00000002.2379580109.0000000000124000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	124000
Size:	4096

Details

Name:	00000004.00000003.2162991245.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	16384

Details

Name:	00000007.00000002.2167787430.00000000107BE000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	107BE000
Size:	16384

Details

Name:	00000009.00000002.2204690265.00000000004A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4A0000
Size:	12288

Details

Name:	0000000C.00000002.2217556941.00000000008E0000.00000002.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	8E0000
Size:	24576

Details

Name:	0000000C.00000002.2217530457.00000000007FE000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7FE000
Size:	8192

Details

Name:	0000000C.00000003.2204723316.00000000005A0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5A0000
Size:	20480

Details

Name:	00000008.00000003.2174670110.00000000005D2000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5D2000
Size:	49152

Details

Name:	00000008.00000002.2379706526.0000000000280000.00000040.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	280000
Size:	4096

Details

Name:	0000000C.00000002.2218637661.000000000507F000.00000004.00000010.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	507F000
Size:	4096

Details

Name:	0000000C.00000002.2217279741.0000000000217000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	217000
Size:	4096

Details

Name:	00000008.00000000.2168458171.00000000107BC000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	107BC000
Size:	4096

Details

Name:	0000000C.00000003.2205057906.0000000000670000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	28672

Details

Name:	00000008.00000003.2171990602.00000000005D0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5D0000
Size:	12288

Details

Name:	00000009.00000003.2199604842.0000000000520000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	520000
Size:	65536

Details

Name:	0000000C.00000003.2205052022.0000000000670000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	16384

Details

Name:	00000008.00000003.2171938974.0000000000550000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	550000
Size:	16384

Details

Name:	00000004.00000002.2169610881.000000000083E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	83E000
Size:	8192

Details

Name:	00000009.00000002.2204533380.0000000000020000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	00000004.00000002.2169615369.0000000000840000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	840000
Size:	16384

Details

Name:	00000008.00000002.2379852410.0000000000800000.00000002.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	800000
Size:	12288

Details

Name:	00000009.00000002.2204878537.0000000000720000.00000002.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	720000
Size:	28672

Details

Name:	00000008.00000003.2170007252.00000000003E0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	36864

Details

Name:	00000004.00000002.2169371607.0000000000187000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	187000
Size:	4096

Details

Name:	0000000C.00000002.2217500150.0000000000620000.00000008.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page write copy
Base address:	620000
Size:	20480

Details

Name:	00000008.00000002.2381117085.00000000048A0000.00000002.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	48A0000
Size:	401408

Details

Name:	00000008.00000002.2379843166.0000000000680000.00000002.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	680000
Size:	24576

Details

Name:	00000009.00000002.2209355215.00000000057CF000.00000004.00000010.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	57CF000
Size:	4096

Details

Name:	00000004.00000002.2169416907.00000000002C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2C0000
Size:	61440

Details

Name:	00000009.00000002.2204957654.00000000008E9000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	8E9000
Size:	28672

Details

Name:	00000008.00000002.2382049182.0000000005120000.00000040.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	5120000
Size:	4096

Details

Name:	0000000C.00000003.2204805863.0000000000670000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	4096

Details

Name:	00000004.00000002.2169766682.0000000002010000.00000002.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2010000
Size:	16384

Details

Name:	00000004.00000002.2180643569.000000000585E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	585E000
Size:	8192

Details

Name:	00000007.00000000.2167621386.00000000107BC000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	107BC000
Size:	4096

Details

Name:	00000008.00000000.2168344319.0000000010700000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	10700000
Size:	4096

Details

Name:	00000004.00000002.2169343048.0000000000163000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	163000
Size:	4096

Details

Name:	00000009.00000002.2205034256.000000000214C000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	214C000
Size:	94208

Details

Name:	00000008.00000003.2171997531.00000000005C0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5C0000
Size:	65536

Details

Name:	00000008.00000002.2381200308.0000000004914000.00000004.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4914000
Size:	4096

Details

Name:	00000009.00000002.2206845104.0000000004B60000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4B60000
Size:	4096

Details

Name:	00000008.00000002.2379695649.0000000000260000.00000002.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	260000
Size:	28672

Details

Name:	0000000C.00000003.2205023115.0000000000670000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	16384

Details

Name:	00000009.00000002.2204661825.0000000000400000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	400000
Size:	61440

Details

Name:	0000000C.00000003.2204913050.0000000000670000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	20480

Details

Name:	00000004.00000002.2180637853.00000000057FE000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	57FE000
Size:	8192

Details

Name:	0000000C.00000002.2217521490.000000000076E000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	76E000
Size:	8192

Details

Name:	00000004.00000002.2169560106.0000000000584000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	584000
Size:	4096

Details

Name:	00000008.00000002.2381088622.00000000047FD000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	47FD000
Size:	12288

Details

Name:	00000004.00000003.2164964122.0000000005540000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5540000
Size:	4096

Details

Name:	00000008.00000003.2171550980.0000000000548000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	548000
Size:	32768

Details

Name:	00000004.00000003.2163841988.0000000000550000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	550000
Size:	65536

Details

Name:	00000004.00000002.2180686603.0000000010702000.00000020.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	10702000
Size:	679936

Details

Name:	00000008.00000003.2171348835.00000000003F0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F0000
Size:	65536

Details

Name:	00000008.00000002.2380552637.00000000030D9000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	30D9000
Size:	40960

Details

Name:	00000004.00000003.2163864342.0000000000530000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	530000
Size:	65536

Details

Name:	00000008.00000002.2383025100.0000000010700000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	10700000
Size:	4096

Details

Name:	0000000C.00000002.2218634094.0000000004F20000.00000040.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	4F20000
Size:	4096

Details

Name:	00000008.00000002.2379652918.00000000001F7000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1F7000
Size:	36864

Details

Name:	0000000C.00000002.2217544660.0000000000857000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	857000
Size:	4096

Details

Name:	0000000C.00000003.2205002699.0000000000670000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	65536

Details

Name:	00000009.00000002.2205376700.0000000003131000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3131000
Size:	28672

Details

Name:	00000008.00000003.2171529379.0000000000540000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	540000
Size:	28672

Details

Name:	00000008.00000003.2171820566.0000000000556000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	556000
Size:	8192

Details

Name:	00000008.00000003.2169886232.00000000003E0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	65536

Details

Name:	00000004.00000002.2169469987.00000000003F8000.00000004.00000010.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	3F8000
Size:	32768

Details

Name:	0000000C.00000002.2217725255.0000000004540000.00000002.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	4540000
Size:	2945024

Details

Name:	00000004.00000002.2169987791.00000000023DD000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	23DD000
Size:	86016

Details

Name:	00000008.00000002.2379626270.000000000016B000.00000040.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	16B000
Size:	4096

Details

Name:	00000008.00000002.2380180059.0000000002278000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2278000
Size:	4100096

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion,	Process Injection Process Discovery

Details

Name:	00000004.00000002.2169285539.0000000000020000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	00000008.00000002.2379723092.00000000003D0000.00000008.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page write copy
Base address:	3D0000
Size:	20480

Details

Name:	00000009.00000002.2208223097.000000000528E000.00000004.00000010.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	528E000
Size:	8192

Details

Name:	00000008.00000003.2171871142.0000000000550000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	550000
Size:	36864

Details

Name:	00000004.00000003.2163947891.0000000000530000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	530000
Size:	45056

Details

Name:	00000008.00000002.2379777043.000000000047E000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	47E000
Size:	8192

Details

Name:	00000008.00000003.2171774995.0000000000550000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	550000
Size:	65536

Details

Name:	00000008.00000002.2379622085.0000000000167000.00000040.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	167000
Size:	4096

Details

Name:	00000008.00000002.2381184903.0000000004910000.00000004.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4910000
Size:	4096

Details

Name:	00000008.00000002.2379831898.0000000000600000.00000004.00000020.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	600000
Size:	57344

Details

Name:	00000008.00000003.2171337925.0000000000520000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	520000
Size:	8192

Details

Name:	00000008.00000003.2171927583.0000000000557000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	557000
Size:	12288

Details

Name:	0000000C.00000002.2217259555.00000000001F0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	53248

Details

Name:	00000008.00000000.2168354180.0000000010702000.00000020.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	10702000
Size:	679936

Details

Name:	00000009.00000000.2198365457.000000001010C000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1010C000
Size:	4096

Details

Name:	00000009.00000002.2204997673.000000000212E000.00000104.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	212E000
Size:	4096

Details

Name:	00000007.00000002.2167753092.00000000107A8000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	107A8000
Size:	4096

Details

Name:	00000008.00000002.2379557113.00000000000F0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	F0000
Size:	4096

Details

Name:	00000009.00000002.2209514845.000000001010C000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	1010C000
Size:	4096

Details

Name:	00000009.00000003.2199470913.00000000008D0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	8D0000
Size:	49152

Details

Name:	00000004.00000002.2172107586.0000000004A30000.00000002.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	4A30000
Size:	2957312

Details

Name:	0000000C.00000001.2204324374.0000000010050000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	10050000
Size:	4096

Details

Name:	00000008.00000003.2170046086.00000000003E0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	4096

Details

Name:	0000000C.00000000.2203779891.000000001010C000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1010C000
Size:	4096

Details

Name:	00000009.00000003.2199545433.0000000000730000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	730000
Size:	65536

Details

Name:	00000008.00000002.2382827829.0000000005B70000.00000004.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	5B70000
Size:	20480

Details

Name:	00000009.00000002.2209408884.0000000010050000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	10050000
Size:	4096

Details

Name:	0000000C.00000003.2204702561.00000000005A0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5A0000
Size:	24576

Details

Name:	00000008.00000003.2171492433.0000000000530000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	530000
Size:	28672

Details

Name:	00000009.00000002.2206451373.0000000004862000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4862000
Size:	8192

Details

Name:	00000008.00000002.2379822036.00000000005B0000.00000004.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	5B0000
Size:	20480

Details

Name:	00000008.00000003.2171804761.0000000000550000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	550000
Size:	16384

Details

Name:	00000009.00000002.2204795580.00000000005E7000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5E7000
Size:	24576

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion,	Security Software Discovery

Details

Name:	00000009.00000003.2199523953.0000000000790000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	790000
Size:	65536

Details

Name:	00000009.00000002.2204634774.0000000000292000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	292000
Size:	4096

Details

Name:	00000009.00000002.2209378216.0000000005B1E000.00000004.00000010.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	5B1E000
Size:	8192

Details

Name:	00000004.00000002.2180656922.0000000005AFD000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5AFD000
Size:	12288

Details

Name:	00000008.00000003.2171599396.0000000000550000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	550000
Size:	61440

Details

Name:	00000008.00000002.2379857827.0000000000840000.00000004.00000020.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	840000
Size:	16384

Details

Name:	00000009.00000002.2204872983.00000000006EE000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6EE000
Size:	8192

Details

Name:	00000004.00000002.2169377217.000000000018A000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	18A000
Size:	4096

Details

Name:	00000008.00000002.2383440438.000000007EFDF000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	00000009.00000002.2204718743.0000000000530000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	530000
Size:	16384

Details

Name:	00000008.00000003.2172009899.0000000000562000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	562000
Size:	57344

Details

Name:	0000000C.00000003.2204986741.0000000000680000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	680000
Size:	65536

Details

Name:	0000000C.00000002.2217719950.000000000453F000.00000004.00000010.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	453F000
Size:	4096

Details

Name:	00000004.00000003.2163695207.0000000002070000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2070000
Size:	49152

Details

Name:	00000009.00000002.2208244482.0000000005290000.00000002.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	5290000
Size:	4112384

Signature Hits	Behavior Group	Mitre Attack
Urls found in memory or binary data	Networking,

Details

Name:	00000008.00000003.2174752930.00000000005D0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5D0000
Size:	4096

Details

Name:	00000009.00000002.2204722507.0000000000537000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	537000
Size:	8192

Details

Name:	00000004.00000002.2169758435.0000000001ED0000.00000002.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	1ED0000
Size:	16384

Details

Name:	00000009.00000003.2198824219.00000000004A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4A0000
Size:	16384

Details

Name:	00000009.00000002.2206456308.0000000004880000.00000002.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	4880000
Size:	2957312

Details

Name:	0000000C.00000002.2217635829.000000000226A000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	226A000
Size:	4096

Details

Name:	00000009.00000002.2207670205.0000000004F7E000.00000004.00000010.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	4F7E000
Size:	8192

Details

Name:	00000008.00000003.2169383784.0000000000250000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250000
Size:	16384

Details

Name:	0000000C.00000003.2205071668.0000000000670000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	36864

Details

Name:	00000009.00000003.2199487704.00000000007D0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7D0000
Size:	65536

Details

Name:	00000008.00000002.2379672460.0000000000225000.00000004.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	225000
Size:	61440

Details

Name:	00000004.00000002.2169638689.0000000000880000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	880000
Size:	12288

Details

Name:	0000000C.00000002.2217525986.00000000007BE000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7BE000
Size:	8192

Details

Name:	00000008.00000002.2379500836.0000000000020000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	00000007.00000002.2167783448.00000000107BC000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	107BC000
Size:	4096

Details

Name:	00000004.00000002.2180868590.00000000107A8000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	107A8000
Size:	4096

Details

Name:	00000008.00000002.2380536775.0000000002664000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2664000
Size:	20480

Details

Name:	00000004.00000002.2173818611.0000000004FDE000.00000004.00000010.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	4FDE000
Size:	8192

Details

Name:	00000009.00000003.2204482153.0000000000750000.00000040.00000040.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	750000
Size:	4096

Details

Name:	00000009.00000002.2204537429.000000000009B000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	9B000
Size:	20480

Details

Name:	00000008.00000003.2171853341.0000000000568000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	568000
Size:	16384

Details

Name:	00000008.00000003.2169954063.00000000003E0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	49152

Details

Name:	0000000C.00000002.2217506032.000000000066C000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	66C000
Size:	16384

Details

Name:	00000004.00000002.2169569226.00000000005D0000.00000002.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	5D0000
Size:	28672

Details

Name:	00000004.00000003.2163827259.0000000000560000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	560000
Size:	32768

Details

Name:	0000000C.00000002.2217714859.00000000043DE000.00000004.00000010.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	43DE000
Size:	8192

Details

Name:	00000004.00000002.2173726205.0000000004E4E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4E4E000
Size:	8192

Details

Name:	00000008.00000002.2381097725.0000000004820000.00000004.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4820000
Size:	4096

Details

Name:	00000009.00000002.2204559368.0000000000102000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	102000
Size:	45056

Details

Name:	00000009.00000002.2204549226.00000000000F4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	F4000
Size:	4096

Details

Name:	00000008.00000003.2169966059.00000000003E0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	16384

Details

Name:	0000000C.00000002.2217227851.000000000012A000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	12A000
Size:	24576

Details

Name:	00000009.00000002.2204803221.0000000000607000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	607000
Size:	4096

Details

Name:	00000004.00000002.2169645230.000000000088C000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	88C000
Size:	253952

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion,	Security Software Discovery

Details

Name:	00000009.00000003.2199573976.0000000000700000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	700000
Size:	65536

Details

Name:	0000000C.00000002.2217539555.0000000000850000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	850000
Size:	16384

Details

Name:	00000009.00000002.2206446200.0000000004844000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4844000
Size:	4096

Details

Name:	0000000C.00000002.2218737764.000000001010C000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	1010C000
Size:	4096

Details

Name:	00000009.00000002.2204901449.0000000000730000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	730000
Size:	8192

Details

Name:	00000008.00000002.2379584848.000000000012D000.00000040.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	12D000
Size:	4096

Details

Name:	00000004.00000002.2169626180.0000000000864000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	864000
Size:	110592

Details

Name:	0000000C.00000002.2217296115.00000000003F0000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	3F0000
Size:	24576

Details

Name:	00000004.00000003.2163755376.0000000001EE0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1EE0000
Size:	65536

Details

Name:	00000009.00000002.2209373452.00000000059EE000.00000004.00000010.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	59EE000
Size:	8192

Details

Name:	00000008.00000002.2379869613.0000000000864000.00000004.00000020.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	864000
Size:	110592

Details

Name:	00000008.00000002.2381867797.0000000004F3C000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4F3C000
Size:	16384

Details

Name:	00000009.00000002.2208189696.000000000518E000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	518E000
Size:	8192

Details

Name:	00000009.00000003.2198706538.0000000000420000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	420000
Size:	24576

Details

Name:	00000009.00000002.2204648432.0000000000360000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	360000
Size:	61440

Details

Name:	00000009.00000002.2209392775.0000000005FBD000.00000004.00000010.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	5FBD000
Size:	12288

Details

Name:	00000009.00000002.2204808826.0000000000609000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	609000
Size:	73728

Details

Name:	0000000C.00000002.2217287811.0000000000326000.00000004.00000010.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	326000
Size:	40960

Details

Name:	0000000C.00000002.2217242128.00000000001D0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1D0000
Size:	8192

Details

Name:	00000008.00000003.2171626072.0000000000530000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	530000
Size:	16384

Details

Name:	00000004.00000003.2166822532.0000000002270000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2270000
Size:	24576

Details

Name:	00000008.00000003.2171717539.00000000005C0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5C0000
Size:	8192

Details

Name:	0000000C.00000003.2204976932.00000000006A0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6A0000
Size:	8192

Details

Name:	0000000C.00000002.2217175681.0000000000020000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	00000008.00000002.2379792375.0000000000520000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	520000
Size:	20480

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary,
Yara signature match	System Summary,

Details

Name:	00000004.00000002.2180660899.0000000005C2D000.00000004.00000010.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	5C2D000
Size:	12288

Details

Name:	00000004.00000002.2180665187.0000000005D2E000.00000004.00000010.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	5D2E000
Size:	8192

Details

Name:	00000004.00000002.2180674553.0000000005E5F000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5E5F000
Size:	4096

Details

Name:	00000008.00000002.2380164086.0000000002250000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2250000
Size:	151552

Details

Name:	00000008.00000002.2380741799.000000000430E000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	430E000
Size:	8192

Details

Name:	00000007.00000000.2167618466.00000000107AB000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	107AB000
Size:	8192

Details

Name:	00000008.00000002.2380176599.0000000002276000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2276000
Size:	4096

Details

Name:	00000009.00000002.2207273953.0000000004DA0000.00000002.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	4DA0000
Size:	417792

Details

Name:	0000000C.00000002.2218742745.000000001010E000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	1010E000
Size:	16384

Details

Name:	00000009.00000002.2207256914.0000000004CBD000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4CBD000
Size:	8192

Details

Name:	00000004.00000003.2163744805.0000000001EF0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1EF0000
Size:	65536

Details

Name:	0000000C.00000003.2204921607.0000000000676000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	676000
Size:	40960

Details

Name:	00000009.00000003.2204381233.0000000000820000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	820000
Size:	425984

Details

Name:	00000007.00000002.2167778591.00000000107AB000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	107AB000
Size:	8192

Details

Name:	00000009.00000002.2204743666.000000000057A000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	57A000
Size:	4096

Details

Name:	00000008.00000002.2380008411.00000000020AE000.00000104.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	20AE000
Size:	4096

Details

Name:	00000004.00000002.2169763034.0000000001FFD000.00000004.00000010.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	1FFD000
Size:	12288

Details

Name:	00000008.00000003.2169728490.00000000003F0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F0000
Size:	57344

Details

Name:	00000009.00000002.2204675670.0000000000420000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	420000
Size:	65536

Details

Name:	0000000C.00000000.2203776064.00000000100FB000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	100FB000
Size:	8192

Details

Name:	00000004.00000003.2163803282.00000000005C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5C0000
Size:	65536

Details

Name:	00000004.00000002.2169380128.0000000000192000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	192000
Size:	4096

Details

Name:	00000008.00000003.2169402337.0000000000250000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250000
Size:	24576

Details

Name:	0000000C.00000003.2205042536.0000000000670000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	49152

Details

Name:	00000009.00000002.2204638995.0000000000297000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	297000
Size:	4096

Details

Name:	00000004.00000002.2169526330.0000000000510000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	510000
Size:	16384

Details

Name:	0000000C.00000002.2217488734.00000000005F0000.00000002.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	5F0000
Size:	28672

Details

Name:	00000009.00000002.2204764570.000000000059E000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	59E000
Size:	290816

Details

Name:	00000007.00000000.2167529431.0000000010702000.00000020.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	10702000
Size:	679936

Details

Name:	00000009.00000002.2205006511.000000000212F000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	212F000
Size:	4096

Details

Name:	00000009.00000003.2199496227.00000000007C0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7C0000
Size:	65536

Details

Name:	00000008.00000003.2171945002.0000000000555000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	555000
Size:	8192

Details

Name:	0000000C.00000002.2217323252.0000000000422000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	422000
Size:	90112

Details

Name:	00000008.00000003.2171583944.0000000000540000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	540000
Size:	28672

Details

Name:	00000004.00000002.2169679504.00000000008CB000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	8CB000
Size:	77824

Details

Name:	0000000C.00000002.2217302746.0000000000400000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	400000
Size:	4096

Details

Name:	00000004.00000002.2169849265.0000000002200000.00000002.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2200000
Size:	401408

Details

Name:	00000008.00000002.2379618009.0000000000162000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	162000
Size:	4096

Details

Name:	00000008.00000003.2171248968.00000000003F0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F0000
Size:	16384

Details

Name:	00000009.00000003.2200578202.00000000057D0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	57D0000
Size:	4096

Details

Name:	00000009.00000002.2209361316.000000000586E000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	586E000
Size:	8192

Details

Name:	00000008.00000002.2382849415.0000000005C1D000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5C1D000
Size:	12288

Details

Name:	00000008.00000002.2379603174.0000000000146000.00000040.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	146000
Size:	8192

Details

Name:	00000008.00000002.2382655918.000000000585D000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	585D000
Size:	12288

Details

Name:	00000009.00000002.2205821331.0000000004180000.00000002.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	4180000
Size:	196608

Details

Name:	00000008.00000003.2171564137.0000000000530000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	530000
Size:	8192

Details

Name:	00000008.00000002.2379690385.0000000000250000.00000002.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	250000
Size:	8192

Details

Name:	00000008.00000002.2383037421.0000000010702000.00000020.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	10702000
Size:	679936

Details

Name:	00000009.00000002.2208080753.000000000500B000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	500B000
Size:	4096

Details

Name:	00000008.00000002.2382999319.000000000648D000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	648D000
Size:	12288

Details

Name:	00000009.00000002.2209416007.0000000010052000.00000020.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	10052000
Size:	679936

Details

Name:	00000008.00000002.2382675187.0000000005A9D000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5A9D000
Size:	12288

Details

Name:	00000009.00000003.2204333501.00000000008D0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	8D0000
Size:	4096

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps