Automated Malware Analysis IOC Report for

Details

Name:	00000003.00000002.782061449.00007FF52A3E4000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A3E4000
Size:	20480

Details

Name:	00000003.00000003.779212175.00000196CE11D000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE11D000
Size:	8192

Details

Name:	00000003.00000002.780866030.00000196CFE60000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	196CFE60000
Size:	32768

Details

Name:	00000000.00000002.883326751.00000000004C0000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4C0000
Size:	20480

Details

Name:	00000003.00000003.774750748.00000196D02CB000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D02CB000
Size:	16384

Details

Name:	00000000.00000002.883678533.0000000002270000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2270000
Size:	12288

Details

Name:	00000003.00000002.781136961.00000196D023F000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D023F000
Size:	12288

Details

Name:	00000003.00000002.780230442.00000196CE095000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE095000
Size:	122880

Details

Name:	00000003.00000002.781469747.00007FF52A0BB000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A0BB000
Size:	12288

Details

Name:	00000003.00000002.780887809.00000196CFEE0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CFEE0000
Size:	8192

Details

Name:	00000003.00000002.779819955.000000408F9F9000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F9F9000
Size:	28672

Details

Name:	00000003.00000002.780961363.00000196D0120000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0120000
Size:	12288

Details

Name:	00000003.00000003.770159771.00000196CFEE0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CFEE0000
Size:	4096

Details

Name:	00000003.00000002.780355803.00000196CE1A1000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE1A1000
Size:	4096

Details

Name:	00000003.00000002.781509542.00007FF52A121000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A121000
Size:	12288

Details

Name:	00000003.00000002.781738410.00007FF52A2EA000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A2EA000
Size:	4096

Details

Name:	00000003.00000002.779539530.000000408EE7A000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408EE7A000
Size:	24576

Details

Name:	00000003.00000002.780968246.00000196D0127000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0127000
Size:	12288

Details

Name:	00000003.00000003.775113310.00000196D1110000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1110000
Size:	585728

Details

Name:	00000003.00000002.782033796.00007FF52A376000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A376000
Size:	8192

Details

Name:	00000003.00000003.775734558.00000196D1010000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1010000
Size:	737280

Details

Name:	00000003.00000002.781091594.00000196D01F3000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D01F3000
Size:	28672

Details

Name:	00000003.00000002.779615150.000000408F17B000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F17B000
Size:	20480

Details

Name:	00000003.00000002.780971901.00000196D0131000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0131000
Size:	16384

Details

Name:	00000003.00000002.781411440.00007FF529E62000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF529E62000
Size:	4096

Details

Name:	00000003.00000002.781120943.00000196D0239000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0239000
Size:	8192

Details

Name:	00000003.00000002.781971393.00007FF52A354000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A354000
Size:	20480

Details

Name:	00000003.00000002.781556077.00007FF52A1FB000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A1FB000
Size:	4096

Details

Name:	00000003.00000002.781899149.00007FF52A337000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A337000
Size:	28672

Details

Name:	00000006.00000002.1159568438.000000000019C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	19C000
Size:	16384

Details

Name:	00000003.00000002.781434630.00007FF529FCA000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF529FCA000
Size:	16384

Details

Name:	00000003.00000002.781786821.00007FF52A300000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A300000
Size:	16384

Details

Name:	00000003.00000002.781016322.00000196D0179000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0179000
Size:	49152

Details

Name:	00000003.00000003.772497774.00000196D0382000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0382000
Size:	217088

Details

Name:	00000003.00000000.765684306.00007FF52A3F2000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A3F2000
Size:	16384

Details

Name:	00000003.00000002.780978775.00000196D013E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D013E000
Size:	49152

Details

Name:	00000000.00000002.886728054.000000001DDBF000.00000004.00000010.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	1DDBF000
Size:	4096

Details

Name:	00000003.00000003.776807996.00000196D1110000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1110000
Size:	741376

Details

Name:	00000003.00000003.772270421.00000196D1110000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1110000
Size:	540672

Details

Name:	00000003.00000002.780944366.00000196D0100000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0100000
Size:	86016

Details

Name:	00000003.00000002.781153740.00000196D0266000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0266000
Size:	4096

Details

Name:	00000003.00000002.781574990.00007FF52A24D000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A24D000
Size:	4096

Details

Name:	00000006.00000002.1159803764.000000000243D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	243D000
Size:	12288

Details

Name:	00000003.00000002.781872481.00007FF52A32C000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A32C000
Size:	4096

Details

Name:	00000003.00000003.771532555.00000196D1313000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1313000
Size:	4096

Details

Name:	00000003.00000002.779636740.000000408F2FA000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F2FA000
Size:	24576

Details

Name:	00000003.00000003.778863600.00000196CE11E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE11E000
Size:	65536

Details

Name:	00000003.00000003.775380237.00000196D0502000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0502000
Size:	786432

Details

Name:	00000006.00000002.1163846000.000000001DB1E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1DB1E000
Size:	8192

Details

Name:	00000003.00000002.780075044.00000196CDFF0000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	196CDFF0000
Size:	16384

Details

Name:	00000003.00000002.781923448.00007FF52A344000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A344000
Size:	4096

Details

Name:	00000003.00000002.781178025.00000196D0400000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0400000
Size:	8192

Details

Name:	00000003.00000002.781991122.00007FF52A35E000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A35E000
Size:	12288

Details

Name:	00000003.00000002.782079039.00007FF52A3EA000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A3EA000
Size:	12288

Details

Name:	00000003.00000002.779686545.000000408F57B000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F57B000
Size:	20480

Details

Name:	00000003.00000002.780302526.00000196CE102000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE102000
Size:	65536

Details

Name:	00000003.00000003.771798939.00000196D1310000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1310000
Size:	372736

Details

Name:	00000003.00000002.780139036.00000196CE029000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE029000
Size:	86016

Details

Name:	00000003.00000002.781452203.00007FF529FCF000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF529FCF000
Size:	8192

Details

Name:	00000003.00000003.767525428.00000196CE0A8000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE0A8000
Size:	8192

Details

Name:	00000003.00000002.780269580.00000196CE0D8000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE0D8000
Size:	73728

Details

Name:	00000003.00000002.780975753.00000196D0136000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0136000
Size:	4096

Details

Name:	00000006.00000002.1159647726.0000000000737000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	737000
Size:	266240

Details

Name:	00000003.00000002.781160955.00000196D0294000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0294000
Size:	65536

Details

Name:	00000003.00000002.780954328.00000196D0118000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0118000
Size:	20480

Details

Name:	00000003.00000002.782012928.00007FF52A36E000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A36E000
Size:	4096

Details

Name:	00000003.00000002.781000324.00000196D0168000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0168000
Size:	40960

Details

Name:	00000003.00000002.780871968.00000196CFE70000.00000004.00000040.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	196CFE70000
Size:	4096

Details

Name:	00000003.00000002.780278915.00000196CE0EB000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE0EB000
Size:	32768

Details

Name:	00000006.00000002.1159619549.00000000006A0000.00000002.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	6A0000
Size:	16384

Details

Name:	00000003.00000002.780916995.00000196CFF10000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CFF10000
Size:	8192

Details

Name:	00000003.00000002.781626686.00007FF52A2A0000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A2A0000
Size:	4096

Details

Name:	00000003.00000002.781405252.00007FF529C01000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF529C01000
Size:	8192

Details

Name:	00000003.00000003.772636182.00000196D0402000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0402000
Size:	262144

Details

Name:	00000003.00000003.773805831.00000196CE11E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE11E000
Size:	196608

Details

Name:	00000000.00000000.636100785.0000000000400000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000000.00000002.883317739.00000000004B0000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4B0000
Size:	4096

Details

Name:	00000003.00000002.779594275.000000408F07A000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F07A000
Size:	24576

Details

Name:	00000003.00000002.781505160.00007FF52A0DF000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A0DF000
Size:	4096

Details

Name:	00000003.00000002.781169923.00000196D02C5000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D02C5000
Size:	24576

Details

Name:	00000000.00000002.883674368.0000000002210000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2210000
Size:	4096

Details

Name:	00000006.00000000.882433797.0000000000413000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	413000
Size:	4096

Details

Name:	00000003.00000002.781543255.00007FF52A1E1000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A1E1000
Size:	4096

Details

Name:	00000006.00000002.1159687658.0000000000830000.00000002.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	830000
Size:	806912

Details

Name:	00000003.00000002.779623659.000000408F1FB000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F1FB000
Size:	20480

Details

Name:	00000003.00000002.782052526.00007FF52A379000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A379000
Size:	32768

Details

Name:	00000003.00000002.780965011.00000196D0124000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0124000
Size:	4096

Details

Name:	00000003.00000002.780364643.00000196CE200000.00000008.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page write copy
Base address:	196CE200000
Size:	266240

Details

Name:	00000003.00000002.779871551.00000196CDF20000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	196CDF20000
Size:	806912

Details

Name:	00000003.00000003.779228573.00000196CE11C000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE11C000
Size:	4096

Details

Name:	00000003.00000002.781116385.00000196D0232000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0232000
Size:	16384

Details

Name:	00000000.00000002.883583609.0000000000910000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	910000
Size:	36864

Details

Name:	00000003.00000002.781697043.00007FF52A2CF000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A2CF000
Size:	4096

Details

Name:	00000006.00000002.1163928371.000000001DED0000.00000002.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	1DED0000
Size:	12288

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary

Details

Name:	00000003.00000002.779728257.000000408F87B000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F87B000
Size:	20480

Details

Name:	00000003.00000002.780223458.00000196CE082000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE082000
Size:	8192

Details

Name:	00000000.00000002.883212132.000000000019C000.00000004.00000010.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	19C000
Size:	16384

Details

Name:	00000003.00000002.780920920.00000196CFF20000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	196CFF20000
Size:	40960

Details

Name:	00000000.00000002.883398570.000000000054A000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	54A000
Size:	69632

Details

Name:	00000003.00000003.772020037.00000196D0442000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0442000
Size:	524288

Details

Name:	00000003.00000002.781667314.00007FF52A2C3000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A2C3000
Size:	8192

Details

Name:	00000003.00000002.781801468.00007FF52A305000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A305000
Size:	12288

Details

Name:	00000003.00000002.779753031.000000408F8FB000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F8FB000
Size:	20480

Details

Name:	00000003.00000003.772192460.00000196D1010000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1010000
Size:	589824

Details

Name:	00000003.00000003.779320026.00000196CE086000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE086000
Size:	16384

Details

Name:	00000003.00000002.781590060.00007FF52A292000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A292000
Size:	8192

Details

Name:	00000003.00000002.781357709.00000196D1000000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1000000
Size:	4096

Details

Name:	00000003.00000002.781429768.00007FF529FBC000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF529FBC000
Size:	8192

Details

Name:	00000003.00000002.779699054.000000408F5FA000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F5FA000
Size:	24576

Details

Name:	00000003.00000003.773578402.00000196CE170000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE170000
Size:	69632

Details

Name:	00000003.00000002.780893230.00000196CFEF0000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	196CFEF0000
Size:	73728

Details

Name:	00000000.00000002.883278778.0000000000420000.00000040.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	420000
Size:	40960

Details

Name:	00000003.00000002.781856664.00007FF52A317000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A317000
Size:	49152

Details

Name:	00000003.00000003.772718963.00000196D1410000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1410000
Size:	593920

Details

Name:	00000003.00000002.779813217.000000408F97A000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F97A000
Size:	24576

Details

Name:	00000000.00000002.883571977.000000000080F000.00000004.00000010.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	80F000
Size:	4096

Details

Name:	00000000.00000001.636145540.0000000000400000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000003.00000002.781520299.00007FF52A134000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A134000
Size:	4096

Details

Name:	00000000.00000002.883263943.0000000000411000.00000004.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	411000
Size:	8192

Details

Name:	00000003.00000002.781026089.00000196D0188000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0188000
Size:	4096

Details

Name:	00000003.00000003.779183148.00000196CE119000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE119000
Size:	24576

Details

Name:	00000000.00000002.883303935.00000000004A0000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	4A0000
Size:	16384

Details

Name:	00000003.00000003.778847320.00000196CE12E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE12E000
Size:	65536

Details

Name:	00000003.00000002.780350531.00000196CE15F000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE15F000
Size:	12288

Details

Name:	00000003.00000002.781150515.00000196D0263000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0263000
Size:	4096

Details

Name:	00000003.00000003.771542722.00000196D1410000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1410000
Size:	77824

Details

Name:	00000003.00000002.781653701.00007FF52A2A2000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A2A2000
Size:	24576

Details

Name:	00000003.00000002.781530289.00007FF52A141000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A141000
Size:	4096

Details

Name:	00000003.00000002.780395179.00000196CE250000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	196CE250000
Size:	36864

Details

Name:	00000000.00000002.883192587.000000000009B000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	9B000
Size:	20480

Details

Name:	00000000.00000000.636107132.0000000000401000.00000020.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	65536

Details

Name:	00000003.00000002.781771041.00007FF52A2FE000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A2FE000
Size:	4096

Details

Name:	00000003.00000002.781133287.00000196D023C000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D023C000
Size:	4096

Details

Name:	00000003.00000003.772381427.00000196D1510000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1510000
Size:	462848

Details

Name:	00000000.00000002.883363404.0000000000520000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	520000
Size:	4096

Details

Name:	00000003.00000002.779856624.00000196CDF10000.00000004.00000020.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	196CDF10000
Size:	12288

Details

Name:	00000006.00000002.1159641066.0000000000730000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	730000
Size:	24576

Details

Name:	00000006.00000002.1159799577.00000000023E0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	23E0000
Size:	4096

Details

Name:	00000003.00000003.776668168.00000196D0582000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0582000
Size:	262144

Details

Name:	00000003.00000002.781077537.00000196D01EB000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D01EB000
Size:	24576

Details

Name:	00000003.00000002.781064007.00000196D01D2000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D01D2000
Size:	53248

Details

Name:	00000003.00000002.781524988.00007FF52A136000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A136000
Size:	4096

Details

Name:	00000003.00000002.781174590.00000196D0300000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0300000
Size:	8192

Details

Name:	00000003.00000002.781072160.00000196D01E6000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D01E6000
Size:	16384

Details

Name:	00000003.00000002.779836683.000000408FAFD000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408FAFD000
Size:	12288

Details

Name:	00000003.00000002.781515453.00007FF52A125000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A125000
Size:	4096

Details

Name:	00000006.00000002.1159588159.00000000002C9000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2C9000
Size:	8192

Details

Name:	00000006.00000002.1159625376.00000000006B0000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	6B0000
Size:	16384

Details

Name:	00000003.00000002.781141496.00000196D0243000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0243000
Size:	65536

Details

Name:	00000003.00000003.771862166.00000196D1410000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1410000
Size:	483328

Details

Name:	00000003.00000002.780985689.00000196D014D000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D014D000
Size:	4096

Details

Name:	00000003.00000002.780337180.00000196CE11A000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE11A000
Size:	8192

Details

Name:	00000003.00000002.781046401.00000196D01AF000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D01AF000
Size:	73728

Details

Name:	00000003.00000002.781192641.00000196D0600000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	196D0600000
Size:	1269760

Details

Name:	00000003.00000002.779559348.000000408EEFF000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408EEFF000
Size:	4096

Details

Name:	00000003.00000003.771909318.00000196D1510000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1510000
Size:	462848

Details

Name:	00000003.00000002.780345892.00000196CE12D000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE12D000
Size:	4096

Details

Name:	00000000.00000002.883698503.0000000002470000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2470000
Size:	4096

Details

Name:	00000003.00000003.772995602.00000196D1110000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1110000
Size:	610304

Details

Name:	00000006.00000002.1159812448.0000000002480000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2480000
Size:	16384

Details

Name:	00000003.00000002.779604069.000000408F0F9000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F0F9000
Size:	28672

Details

Name:	00000006.00000002.1163890316.000000001DD9E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1DD9E000
Size:	8192

Details

Name:	00000000.00000002.883238081.000000000030B000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	30B000
Size:	4096

Details

Name:	00000003.00000002.781157086.00000196D0273000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0273000
Size:	4096

Details

Name:	00000003.00000003.776466808.00000196D1210000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1210000
Size:	372736

Details

Name:	00000003.00000003.772976370.00000196D0115000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0115000
Size:	32768

Details

Name:	00000003.00000002.781388460.00007FF529B5D000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF529B5D000
Size:	12288

Details

Name:	00000003.00000002.781101618.00000196D0200000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0200000
Size:	139264

Details

Name:	00000003.00000002.780164606.00000196CE03F000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE03F000
Size:	81920

Details

Name:	00000000.00000002.883683018.0000000002280000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2280000
Size:	36864

Details

Name:	00000000.00000002.883219472.00000000001F0000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	4096

Details

Name:	00000000.00000002.883438566.0000000000586000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	586000
Size:	4096

Details

Name:	00000003.00000002.781837599.00007FF52A30B000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A30B000
Size:	45056

Details

Name:	00000003.00000002.781883074.00007FF52A32F000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A32F000
Size:	16384

Details

Name:	00000003.00000003.779418131.00000196CE11C000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE11C000
Size:	12288

Details

Name:	00000003.00000003.772948441.00000196D0342000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0342000
Size:	217088

Details

Name:	00000006.00000002.1159597368.0000000000560000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	560000
Size:	40960

Signature Hits	Behavior Group	Mitre Attack
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion	Security Software Discovery
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
Urls found in memory or binary data	Networking

Details

Name:	00000003.00000003.773929167.00000196CE12D000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE12D000
Size:	135168

Details

Name:	00000000.00000002.883602064.0000000002130000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2130000
Size:	733184

Details

Name:	00000006.00000002.1159547432.000000000009D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	9D000
Size:	12288

Details

Name:	00000003.00000002.779713464.000000408F77B000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F77B000
Size:	20480

Details

Name:	00000000.00000002.883268477.0000000000413000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	413000
Size:	4096

Details

Name:	00000006.00000002.1159808661.000000000247E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	247E000
Size:	8192

Details

Name:	00000003.00000002.780406150.00000196CFB00000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	196CFB00000
Size:	3371008

Details

Name:	00000006.00000002.1159677356.0000000000779000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	779000
Size:	94208

Details

Name:	00000003.00000003.773731854.00000196CE170000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE170000
Size:	69632

Details

Name:	00000003.00000003.776177432.00000196D1210000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1210000
Size:	372736

Details

Name:	00000006.00000001.883130682.0000000000400000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000006.00000002.1163834078.000000001DADF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1DADF000
Size:	4096

Details

Name:	00000006.00000002.1159760323.0000000000FD0000.00000002.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	FD0000
Size:	331776

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000003.00000002.779718587.000000408F7FB000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F7FB000
Size:	20480

Details

Name:	00000003.00000002.780932488.00000196D0002000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0002000
Size:	4096

Details

Name:	00000003.00000003.774249950.00000196CE11D000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE11D000
Size:	4096

Details

Name:	00000003.00000002.779681866.000000408F4FB000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F4FB000
Size:	20480

Details

Name:	00000003.00000003.771527210.00000196D1310000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1310000
Size:	4096

Details

Name:	00000000.00000002.883251342.0000000000401000.00000020.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	65536

Details

Name:	00000003.00000002.780875634.00000196CFEC0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CFEC0000
Size:	8192

Details

Name:	00000003.00000002.781498252.00007FF52A0D8000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A0D8000
Size:	20480

Details

Name:	00000003.00000002.779663695.000000408F3FB000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F3FB000
Size:	20480

Details

Name:	00000003.00000002.780213029.00000196CE07E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE07E000
Size:	12288

Details

Name:	00000003.00000002.780988760.00000196D014F000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D014F000
Size:	53248

Details

Name:	00000003.00000002.779582608.000000408EFFF000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408EFFF000
Size:	4096

Details

Name:	00000003.00000002.781035977.00000196D018A000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D018A000
Size:	73728

Details

Name:	00000003.00000002.781674696.00007FF52A2CB000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A2CB000
Size:	8192

Details

Name:	00000003.00000003.774286216.00000196CE15E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE15E000
Size:	8192

Details

Name:	00000003.00000002.782098327.00007FF52A3F1000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A3F1000
Size:	20480

Details

Name:	00000000.00000002.883694495.0000000002460000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2460000
Size:	8192

Details

Name:	00000003.00000003.770150724.00000196CFEE0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CFEE0000
Size:	4096

Details

Name:	00000003.00000002.780186265.00000196CE054000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE054000
Size:	167936

Details

Name:	00000006.00000002.1159592959.00000000002CD000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CD000
Size:	4096

Details

Name:	00000000.00000002.883596545.0000000002129000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2129000
Size:	24576

Details

Name:	00000003.00000003.772332506.00000196D1210000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1210000
Size:	401408

Details

Name:	00000003.00000002.779533875.000000408EBDF000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408EBDF000
Size:	4096

Details

Name:	00000003.00000002.781942177.00007FF52A34A000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A34A000
Size:	32768

Details

Name:	00000000.00000002.883578236.000000000084E000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	84E000
Size:	8192

Details

Name:	00000003.00000003.774692910.00000196D01F1000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D01F1000
Size:	36864

Details

Name:	00000003.00000002.781056909.00000196D01C2000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D01C2000
Size:	32768

Details

Name:	00000003.00000003.772680211.00000196D0502000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0502000
Size:	262144

Details

Name:	00000003.00000003.772886059.00000196D011D000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D011D000
Size:	24576

Details

Name:	00000003.00000002.780996290.00000196D0163000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0163000
Size:	16384

Details

Name:	00000003.00000003.772903784.00000196D0302000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0302000
Size:	176128

Details

Name:	00000003.00000002.780252145.00000196CE0B4000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE0B4000
Size:	143360

Details

Name:	00000000.00000002.883244832.0000000000400000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000000.00000002.883231993.0000000000307000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	307000
Size:	12288

Details

Name:	00000003.00000002.780319048.00000196CE113000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE113000
Size:	24576

Details

Name:	00000003.00000002.779704647.000000408F67C000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F67C000
Size:	16384

Details

Name:	00000003.00000002.781721093.00007FF52A2D4000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A2D4000
Size:	16384

Details

Name:	00000003.00000002.781416505.00007FF529ED9000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF529ED9000
Size:	8192

Details

Name:	00000006.00000002.1162222308.000000001D5A0000.00000002.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	1D5A0000
Size:	3371008

Details

Name:	00000003.00000002.781566778.00007FF52A208000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A208000
Size:	4096

Details

Name:	00000003.00000002.781486356.00007FF52A0C6000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A0C6000
Size:	4096

Details

Name:	00000000.00000002.883452506.0000000000640000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	640000
Size:	806912

Details

Name:	00000003.00000003.774259378.00000196CE13D000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE13D000
Size:	69632

Details

Name:	00000003.00000002.782003928.00007FF52A368000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A368000
Size:	12288

Details

Name:	00000000.00000002.883702203.0000000002870000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2870000
Size:	3371008

Details

Name:	00000003.00000002.781752765.00007FF52A2EC000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A2EC000
Size:	8192

Details

Name:	00000003.00000003.770139848.00000196CFEE0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CFEE0000
Size:	4096

Details

Name:	00000003.00000002.781464228.00007FF529FD7000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF529FD7000
Size:	4096

Details

Name:	00000003.00000002.781534088.00007FF52A151000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A151000
Size:	12288

Details

Name:	00000003.00000002.779630538.000000408F27A000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F27A000
Size:	24576

Details

Name:	00000003.00000002.780341562.00000196CE11D000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE11D000
Size:	8192

Details

Name:	00000003.00000002.781538396.00007FF52A159000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A159000
Size:	4096

Details

Name:	00000006.00000002.1163902796.000000001DE9E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1DE9E000
Size:	8192

Details

Name:	00000003.00000002.779509034.000000408EB5B000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408EB5B000
Size:	20480

Details

Name:	00000003.00000002.780285313.00000196CE0F4000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE0F4000
Size:	53248

Details

Name:	00000000.00000002.883334491.00000000004D0000.00000020.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute read
Base address:	4D0000
Size:	40960

Details

Name:	00000003.00000002.780880833.00000196CFED0000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	196CFED0000
Size:	12288

Details

Name:	00000003.00000003.774632383.00000196CE084000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE084000
Size:	65536

Details

Name:	00000003.00000002.781729432.00007FF52A2DF000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A2DF000
Size:	8192

Details

Name:	00000006.00000002.1163876838.000000001DD5F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1DD5F000
Size:	4096

Details

Name:	00000006.00000002.1159753803.0000000000C40000.00000002.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	C40000
Size:	32768

Details

Name:	00000000.00000002.883690156.0000000002380000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2380000
Size:	4096

Details

Name:	00000006.00000002.1159580468.00000000001F0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	8192

Details

Name:	00000003.00000002.779669466.000000408F47B000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F47B000
Size:	20480

Details

Name:	00000003.00000002.781096987.00000196D01FB000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D01FB000
Size:	20480

Details

Name:	00000000.00000002.883345507.0000000000500000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	500000
Size:	4096

Details

Name:	00000006.00000002.1163859976.000000001DC1F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1DC1F000
Size:	4096

Details

Name:	00000006.00000000.882416065.0000000000401000.00000020.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	65536

Details

Name:	00000000.00000003.636397532.0000000000573000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	573000
Size:	81920

Details

Name:	00000000.00000002.883299456.000000000047E000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	47E000
Size:	8192

Details

Name:	00000003.00000002.781181407.00000196D0500000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0500000
Size:	8192

Details

Name:	00000000.00000002.883419119.0000000000561000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	561000
Size:	122880

Details

Name:	00000003.00000002.781559737.00007FF52A203000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A203000
Size:	8192

Details

Name:	00000006.00000002.1159630916.00000000006B5000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	6B5000
Size:	16384

Details

Name:	00000003.00000002.782021328.00007FF52A371000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A371000
Size:	4096

Details

Name:	00000000.00000002.883377376.0000000000530000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	530000
Size:	20480

Details

Name:	00000006.00000002.1163946908.000000001DEE0000.00000002.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	1DEE0000
Size:	65536

Details

Name:	00000003.00000002.780115067.00000196CE013000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE013000
Size:	86016

Details

Name:	00000003.00000002.779829417.000000408FA7C000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408FA7C000
Size:	16384

Details

Name:	00000003.00000002.779644604.000000408F37B000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F37B000
Size:	20480

Details

Name:	00000003.00000002.779848047.00000196CDEB0000.00000004.00000040.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	196CDEB0000
Size:	4096

Details

Name:	00000003.00000003.779383307.00000196D01F1000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D01F1000
Size:	36864

Details

Name:	00000003.00000003.779336965.00000196D0109000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D0109000
Size:	49152

Details

Name:	00000006.00000002.1163865632.000000001DC5E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1DC5E000
Size:	8192

Details

Name:	00000003.00000002.779842280.000000408FB7E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408FB7E000
Size:	8192

Details

Name:	00000003.00000003.773721533.00000196CE160000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE160000
Size:	4096

Details

Name:	00000006.00000002.1159816899.00000000024A0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	24A0000
Size:	4096

Details

Name:	00000000.00000000.636120548.0000000000413000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	413000
Size:	4096

Details

Name:	00000003.00000002.781605948.00007FF52A29C000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A29C000
Size:	8192

Details

Name:	00000000.00000002.883294668.0000000000430000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	430000
Size:	8192

Details

Name:	00000000.00000002.883590724.0000000002120000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2120000
Size:	28672

Details

Name:	00000000.00000002.883383366.0000000000540000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	540000
Size:	32768

Details

Name:	00000003.00000002.780080643.00000196CE000000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE000000
Size:	73728

Details

Name:	00000006.00000002.1163816387.000000001D9DA000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1D9DA000
Size:	24576

Details

Name:	00000003.00000003.776008084.00000196D1110000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1110000
Size:	389120

Details

Name:	00000003.00000002.779709222.000000408F6FD000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408F6FD000
Size:	12288

Details

Name:	00000003.00000002.779567120.000000408EF7B000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	408EF7B000
Size:	20480

Details

Name:	00000006.00000002.1159636210.0000000000700000.00000002.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	700000
Size:	8192

Details

Name:	00000006.00000000.882406941.0000000000400000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000003.00000003.773571541.00000196CE163000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196CE163000
Size:	4096

Details

Name:	00000003.00000003.772802025.00000196D1210000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	196D1210000
Size:	598016

Details

Name:	00000000.00000002.883358209.0000000000510000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	510000
Size:	12288

Details

Name:	00000003.00000002.781764906.00007FF52A2FA000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A2FA000
Size:	8192

Details

Name:	00000003.00000002.780402553.00000196CFA00000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	196CFA00000
Size:	4096

Details

Name:	00000003.00000002.781570433.00007FF52A246000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF52A246000
Size:	12288

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Processes

URLs

Domains

IPs

Memdumps