Automated Malware Analysis IOC Report for

Details

Name:	00000009.00000002.690266961.0000000000402000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	402000
Size:	118784

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000009.00000002.691167896.0000000000E30000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	E30000
Size:	102400

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Installs a raw input device (often for capturing keystrokes)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Yara signature match	System Summary

Details

Name:	00000009.00000002.692216842.0000000003971000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3971000
Size:	311296

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality

Details

Name:	00000006.00000002.486948198.00000000026C0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	26C0000
Size:	487424

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM3	Malware Analysis System Evasion
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion	Security Software Discovery
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	00000006.00000002.488023420.0000000003A27000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3A27000
Size:	159744

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000006.00000002.487642134.0000000003681000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3681000
Size:	3739648

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000009.00000002.690395863.00000000004A0000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	4A0000
Size:	65536

Details

Name:	00000009.00000003.642773374.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	36864

Details

Name:	00000009.00000002.690134868.0000000000230000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	230000
Size:	4096

Details

Name:	00000009.00000003.486242011.00000000004A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4A0000
Size:	16384

Details

Name:	00000009.00000003.540429780.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	40960

Details

Name:	00000009.00000002.693509557.00000000069CE000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	69CE000
Size:	8192

Details

Name:	00000006.00000002.488401281.0000000004A31000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4A31000
Size:	8192

Details

Name:	00000009.00000003.524909005.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	40960

Details

Name:	00000009.00000000.480118208.000000007EFB0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000002.482846478.00000000001EB000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1EB000
Size:	20480

Details

Name:	00000009.00000003.575905799.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	45056

Details

Name:	00000009.00000003.483356481.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	28672

Details

Name:	00000009.00000003.511101755.0000000000622000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	622000
Size:	36864

Details

Name:	00000009.00000003.487506985.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	86016

Details

Name:	00000006.00000002.482804718.0000000000172000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	172000
Size:	4096

Details

Name:	00000006.00000002.482842390.00000000001AF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1AF000
Size:	4096

Details

Name:	00000009.00000003.669760244.0000000000199000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	199000
Size:	57344

Details

Name:	00000009.00000002.691051857.0000000000D30000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	D30000
Size:	24576

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000009.00000002.693310100.000000000550B000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	550B000
Size:	20480

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000006.00000003.474492204.0000000000640000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	640000
Size:	16384

Details

Name:	00000006.00000002.488589448.0000000004C34000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4C34000
Size:	8192

Details

Name:	00000006.00000003.472198869.0000000000510000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	510000
Size:	20480

Details

Name:	00000009.00000003.501826234.00000000056A1000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56A1000
Size:	40960

Details

Name:	00000009.00000003.492674757.00000000049D0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	49D0000
Size:	45056

Details

Name:	00000006.00000002.488360537.0000000004A06000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4A06000
Size:	86016

Details

Name:	00000009.00000003.659479888.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	40960

Details

Name:	00000009.00000002.691936705.0000000002A46000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2A46000
Size:	28672

Details

Name:	00000009.00000002.691186512.0000000000E8C000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	E8C000
Size:	16384

Details

Name:	00000009.00000002.691342554.0000000002380000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2380000
Size:	45056

Details

Name:	00000009.00000003.485757389.0000000000496000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	496000
Size:	28672

Details

Name:	00000009.00000002.693586232.000000007EF50000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	7EF50000
Size:	4096

Details

Name:	00000009.00000003.494648749.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	40960

Details

Name:	00000009.00000003.486276588.00000000005D1000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5D1000
Size:	352256

Details

Name:	00000006.00000003.472684940.000000000059C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	59C000
Size:	8192

Details

Name:	00000006.00000003.473719649.0000000000C20000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	C20000
Size:	45056

Details

Name:	00000009.00000002.690168273.0000000000260000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	260000
Size:	65536

Details

Name:	00000006.00000003.472184183.0000000000630000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	630000
Size:	28672

Details

Name:	00000009.00000003.618546179.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	40960

Details

Name:	00000009.00000003.565453324.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	40960

Details

Name:	00000009.00000002.690816492.0000000000820000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	820000
Size:	24576

Details

Name:	00000006.00000002.483051839.0000000000470000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	470000
Size:	4096

Details

Name:	00000009.00000003.484095606.0000000000496000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	496000
Size:	16384

Details

Name:	00000009.00000002.691723264.000000000287C000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	287C000
Size:	1679360

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000009.00000003.486498046.00000000004B5000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B5000
Size:	8192

Details

Name:	00000006.00000003.474434951.0000000000640000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	640000
Size:	28672

Details

Name:	00000009.00000002.693627916.000000007EFC2000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000006.00000002.483773722.00000000005ED000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5ED000
Size:	4096

Details

Name:	00000009.00000003.494625785.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	40960

Details

Name:	00000009.00000003.486815169.0000000000750000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	750000
Size:	28672

Details

Name:	00000006.00000002.491807937.000000007EFE0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000006.00000003.472477426.00000000004A0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4A0000
Size:	49152

Details

Name:	00000006.00000003.472491824.00000000004AD000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4AD000
Size:	12288

Details

Name:	00000006.00000002.490720765.0000000006050000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	6050000
Size:	4112384

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000009.00000003.487205304.0000000000ED0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	ED0000
Size:	28672

Details

Name:	00000009.00000003.634435276.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	36864

Details

Name:	00000009.00000002.692480971.00000000047B0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	47B0000
Size:	45056

Details

Name:	00000009.00000003.583923422.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	40960

Details

Name:	00000009.00000002.693412533.0000000005B3E000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5B3E000
Size:	8192

Details

Name:	00000006.00000003.474534022.00000000005A4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5A4000
Size:	4096

Details

Name:	00000009.00000003.507937261.0000000000622000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	622000
Size:	36864

Details

Name:	00000009.00000003.485811983.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	20480

Details

Name:	00000009.00000002.691120067.0000000000DC0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	DC0000
Size:	65536

Details

Name:	00000009.00000003.485823700.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	28672

Details

Name:	00000009.00000003.575932515.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	40960

Details

Name:	00000009.00000002.691149931.0000000000DE0000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	DE0000
Size:	8192

Details

Name:	00000006.00000002.488443451.0000000004A4C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4A4C000
Size:	147456

Details

Name:	00000006.00000002.483047005.0000000000460000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	460000
Size:	8192

Details

Name:	00000009.00000003.554758627.00000000056B2000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56B2000
Size:	40960

Details

Name:	00000009.00000000.480129592.000000007EFC0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000009.00000003.516740331.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	40960

Details

Name:	00000009.00000003.501159729.00000000056A1000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56A1000
Size:	40960

Details

Name:	00000009.00000003.524919077.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	40960

Details

Name:	00000009.00000002.693517597.0000000006AB0000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	6AB0000
Size:	8192

Details

Name:	00000006.00000002.482791701.000000000016A000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	16A000
Size:	4096

Details

Name:	00000009.00000002.693621171.000000007EFC0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000003.476139003.0000000000310000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	310000
Size:	8192

Details

Name:	00000009.00000003.483624885.0000000000496000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	496000
Size:	4096

Details

Name:	00000009.00000002.691045374.0000000000D12000.00000040.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	D12000
Size:	8192

Details

Name:	00000006.00000002.485731374.000000000078F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	78F000
Size:	4096

Details

Name:	00000009.00000000.480125729.000000007EFB2000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000009.00000002.690808163.0000000000818000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	818000
Size:	4096

Details

Name:	00000006.00000002.482890039.0000000000310000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	310000
Size:	8192

Details

Name:	00000006.00000002.488957725.0000000004D30000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	4D30000
Size:	770048

Details

Name:	00000006.00000003.481864448.0000000000790000.00000040.00000040.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	790000
Size:	4096

Details

Name:	00000009.00000002.692419310.0000000004780000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	4780000
Size:	167936

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000009.00000003.547905421.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	45056

Details

Name:	00000009.00000003.487429131.0000000002390000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2390000
Size:	61440

Details

Name:	00000006.00000002.488058228.0000000003A63000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3A63000
Size:	475136

Details

Name:	00000009.00000002.690053490.000000000018F000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	18F000
Size:	65536

Details

Name:	00000009.00000003.533131122.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	40960

Details

Name:	00000006.00000002.491544365.000000000665E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	665E000
Size:	8192

Details

Name:	00000006.00000002.482309341.0000000000020000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	00000006.00000002.482818137.0000000000187000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	187000
Size:	4096

Details

Name:	00000009.00000002.692520009.00000000048CE000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	48CE000
Size:	8192

Details

Name:	00000009.00000003.674354556.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	36864

Details

Name:	00000009.00000003.483848123.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	16384

Details

Name:	00000009.00000002.690105028.0000000000212000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	212000
Size:	57344

Details

Name:	00000006.00000002.483350734.0000000000527000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	527000
Size:	4096

Details

Name:	00000009.00000003.634389768.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	40960

Details

Name:	00000009.00000003.627160536.00000000039F4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F4000
Size:	36864

Details

Name:	00000006.00000002.483807874.0000000000630000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	630000
Size:	28672

Details

Name:	00000006.00000002.482333262.0000000000120000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	120000
Size:	8192

Details

Name:	00000009.00000003.486415833.00000000005CE000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5CE000
Size:	12288

Details

Name:	00000009.00000002.692194321.0000000003950000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3950000
Size:	40960

Details

Name:	00000009.00000003.509618445.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	40960

Details

Name:	00000009.00000003.483816498.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	16384

Details

Name:	00000009.00000003.674290560.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	36864

Details

Name:	00000009.00000003.524853183.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	45056

Details

Name:	00000009.00000002.693385145.00000000058E0000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	58E0000
Size:	20480

Details

Name:	00000006.00000002.482450376.0000000000140000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	140000
Size:	16384

Details

Name:	00000006.00000003.475853683.0000000000300000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	300000
Size:	65536

Details

Name:	00000006.00000003.474513223.00000000005A4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5A4000
Size:	4096

Details

Name:	00000009.00000002.692041106.000000000382F000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	382F000
Size:	40960

Details

Name:	00000009.00000002.693674672.000000007EFDF000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	00000009.00000003.533139035.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	40960

Details

Name:	00000009.00000002.690017799.0000000000140000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	140000
Size:	4096

Details

Name:	00000006.00000002.486913179.000000000268C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	268C000
Size:	200704

Details

Name:	00000009.00000003.482252559.00000000002A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	24576

Details

Name:	00000009.00000003.488931786.00000000047C0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C0000
Size:	24576

Details

Name:	00000009.00000003.494678028.0000000003B14000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3B14000
Size:	45056

Details

Name:	00000009.00000003.482933320.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	20480

Details

Name:	00000009.00000003.489091608.00000000047C0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C0000
Size:	28672

Details

Name:	00000006.00000003.472662932.000000000058C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	58C000
Size:	65536

Details

Name:	00000006.00000003.477248538.0000000006440000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6440000
Size:	4096

Details

Name:	00000009.00000003.533105605.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	45056

Details

Name:	00000009.00000003.494617006.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	45056

Details

Name:	00000009.00000003.540380483.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	45056

Details

Name:	00000009.00000003.627211509.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	36864

Details

Name:	00000009.00000003.483769953.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	24576

Details

Name:	00000006.00000003.473610072.00000000005AD000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5AD000
Size:	12288

Details

Name:	00000009.00000003.486024447.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	12288

Details

Name:	00000009.00000003.509593431.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	40960

Details

Name:	00000006.00000002.490690489.0000000005EAF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5EAF000
Size:	4096

Details

Name:	00000006.00000002.491765196.000000007EFB2000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000006.00000002.483278983.00000000004A0000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	4A0000
Size:	28672

Details

Name:	00000009.00000003.618570556.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	36864

Details

Name:	00000009.00000002.690115026.0000000000220000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	220000
Size:	4096

Details

Name:	00000009.00000003.494668762.0000000003AF4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AF4000
Size:	40960

Details

Name:	00000006.00000003.478510826.00000000047E0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47E0000
Size:	65536

Details

Name:	00000009.00000003.540393137.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	45056

Details

Name:	00000009.00000003.674269229.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	36864

Details

Name:	00000006.00000003.472695809.000000000058E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	58E000
Size:	57344

Details

Name:	00000006.00000003.474547332.00000000005AE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5AE000
Size:	8192

Details

Name:	00000006.00000002.491732629.000000007EF3C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EF3C000
Size:	4096

Details

Name:	00000009.00000003.486679778.00000000004B0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B0000
Size:	20480

Details

Name:	00000006.00000003.478446433.00000000005D7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5D7000
Size:	65536

Details

Name:	00000006.00000003.472634168.000000000058C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	58C000
Size:	65536

Details

Name:	00000009.00000002.692003127.00000000037CF000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	37CF000
Size:	40960

Details

Name:	00000009.00000002.691319438.00000000022F0000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	22F0000
Size:	12288

Details

Name:	00000009.00000003.682047483.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	40960

Details

Name:	00000006.00000003.474466999.0000000000640000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	640000
Size:	20480

Details

Name:	00000006.00000003.475568344.0000000000301000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	301000
Size:	12288

Details

Name:	00000006.00000003.473744047.0000000000640000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	640000
Size:	8192

Details

Name:	00000009.00000003.486487499.00000000004B0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B0000
Size:	16384

Details

Name:	00000009.00000003.583958600.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	40960

Details

Name:	00000009.00000003.486803749.0000000000740000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	740000
Size:	24576

Details

Name:	00000009.00000003.554776746.0000000000634000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	634000
Size:	12288

Details

Name:	00000009.00000003.666754038.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	36864

Details

Name:	00000009.00000002.693376700.000000000587F000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	587F000
Size:	4096

Details

Name:	00000006.00000003.474353447.0000000000C20000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	C20000
Size:	4096

Details

Name:	00000009.00000003.583894199.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	40960

Details

Name:	00000009.00000003.642749028.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	36864

Details

Name:	00000009.00000002.692669950.0000000004C9F000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4C9F000
Size:	4096

Details

Name:	00000006.00000002.485924632.0000000000C80000.00000040.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	C80000
Size:	8192

Details

Name:	00000009.00000002.692325976.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	40960

Details

Name:	00000006.00000002.486406650.0000000002234000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2234000
Size:	4096

Details

Name:	00000009.00000003.487188408.0000000000ED0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	ED0000
Size:	16384

Details

Name:	00000009.00000003.487461392.0000000002380000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2380000
Size:	65536

Details

Name:	00000006.00000003.478474936.00000000005E4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5E4000
Size:	12288

Details

Name:	00000009.00000002.690681989.0000000000700000.00000040.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	700000
Size:	4096

Details

Name:	00000009.00000003.483570967.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	20480

Details

Name:	00000009.00000003.511678701.0000000000622000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	622000
Size:	36864

Details

Name:	00000009.00000003.634362696.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	36864

Details

Name:	00000009.00000003.509985697.0000000000622000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	622000
Size:	36864

Details

Name:	00000009.00000003.634398269.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	36864

Details

Name:	00000009.00000003.583934544.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	40960

Details

Name:	00000006.00000002.490709024.000000000604E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	604E000
Size:	8192

Details

Name:	00000006.00000002.491529744.00000000064EE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	64EE000
Size:	8192

Details

Name:	00000009.00000003.565869032.0000000000190000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	190000
Size:	65536

Details

Name:	00000009.00000003.565528376.0000000003A93000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A93000
Size:	8192

Details

Name:	00000009.00000002.692161672.0000000003930000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3930000
Size:	40960

Details

Name:	00000009.00000002.691909479.0000000002A30000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2A30000
Size:	86016

Details

Name:	00000009.00000002.689996175.0000000000050000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	00000009.00000002.692534446.00000000048D0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	48D0000
Size:	4096

Details

Name:	00000009.00000003.519218367.00000000047C8000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C8000
Size:	32768

Details

Name:	00000009.00000002.690242588.00000000003D0000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	3D0000
Size:	8192

Details

Name:	00000009.00000003.510524139.00000000056A2000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56A2000
Size:	40960

Details

Name:	00000009.00000002.692502008.00000000047C0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	47C0000
Size:	4096

Details

Name:	00000009.00000003.591814930.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	36864

Details

Name:	00000009.00000002.690210675.00000000003A7000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3A7000
Size:	36864

Details

Name:	00000009.00000002.693524346.0000000006AB5000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	6AB5000
Size:	4096

Details

Name:	00000009.00000003.483763421.0000000000495000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	495000
Size:	16384

Details

Name:	00000006.00000003.472202517.0000000000516000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	516000
Size:	40960

Details

Name:	00000009.00000002.692300217.00000000039D3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	39D3000
Size:	40960

Details

Name:	00000009.00000003.487164247.0000000000DE0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	DE0000
Size:	20480

Details

Name:	00000009.00000002.690120045.0000000000222000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	222000
Size:	4096

Details

Name:	00000009.00000003.487373578.0000000002380000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2380000
Size:	53248

Details

Name:	00000009.00000003.670402755.0000000004A60000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4A60000
Size:	12288

Details

Name:	00000006.00000000.471569010.000000007EFC2000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000009.00000003.519187898.00000000049D0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	49D0000
Size:	45056

Details

Name:	00000009.00000003.489149891.00000000049D5000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	49D5000
Size:	8192

Details

Name:	00000009.00000002.690203367.00000000003A6000.00000104.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	3A6000
Size:	4096

Details

Name:	00000009.00000003.666740414.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	40960

Details

Name:	00000006.00000003.473731338.0000000000640000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	640000
Size:	65536

Details

Name:	00000009.00000002.690003389.0000000000060000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	4096

Details

Name:	00000009.00000002.689983925.0000000000010000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	00000006.00000001.471689092.0000000000CD0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	CD0000
Size:	4096

Details

Name:	00000009.00000003.618555416.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	40960

Details

Name:	00000006.00000002.486853802.000000000239E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	239E000
Size:	8192

Details

Name:	00000009.00000002.693610294.000000007EFB2000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000009.00000002.692699330.0000000004DDD000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4DDD000
Size:	12288

Details

Name:	00000009.00000002.692028939.000000000380F000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	380F000
Size:	40960

Details

Name:	00000009.00000002.690219548.00000000003B0000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	3B0000
Size:	65536

Details

Name:	00000009.00000002.693449002.0000000005ED0000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	5ED0000
Size:	12288

Details

Name:	00000009.00000002.693437807.0000000005D5E000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5D5E000
Size:	8192

Details

Name:	00000006.00000002.491661316.0000000006E0E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6E0E000
Size:	8192

Details

Name:	00000006.00000002.488475004.0000000004A70000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4A70000
Size:	720896

Details

Name:	00000009.00000003.540367142.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	40960

Details

Name:	00000006.00000002.491774570.000000007EFC0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000009.00000002.691355428.0000000002390000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	2390000
Size:	61440

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000006.00000002.482964007.00000000003D0000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	3D0000
Size:	65536

Details

Name:	00000006.00000002.482935578.00000000003C0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3C0000
Size:	65536

Details

Name:	00000006.00000002.491800591.000000007EFDF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	00000006.00000002.482322913.0000000000060000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	4096

Details

Name:	00000006.00000003.473643775.00000000005A3000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5A3000
Size:	40960

Details

Name:	00000006.00000002.482693981.000000000015C000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	15C000
Size:	8192

Details

Name:	00000006.00000003.478500626.0000000004830000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4830000
Size:	36864

Details

Name:	00000009.00000002.692605855.0000000004A20000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	4A20000
Size:	4096

Details

Name:	00000009.00000003.547926883.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	40960

Details

Name:	00000006.00000003.474581162.0000000003813000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3813000
Size:	2662400

Details

Name:	00000009.00000002.693404145.000000000593D000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	593D000
Size:	8192

Details

Name:	00000009.00000002.691031284.0000000000CF0000.00000040.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	CF0000
Size:	8192

Details

Name:	00000006.00000002.485930265.0000000000CD0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	CD0000
Size:	4096

Details

Name:	00000009.00000003.487256552.0000000000ED0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	ED0000
Size:	20480

Details

Name:	00000006.00000003.472226082.00000000004A0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4A0000
Size:	65536

Details

Name:	00000009.00000003.482822696.00000000004A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4A0000
Size:	65536

Details

Name:	00000009.00000002.690023936.0000000000150000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	150000
Size:	4096

Details

Name:	00000006.00000002.488597584.0000000004C38000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4C38000
Size:	86016

Details

Name:	00000009.00000002.690163825.000000000024B000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	24B000
Size:	4096

Details

Name:	00000009.00000003.540441599.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	40960

Details

Name:	00000009.00000003.591779739.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	36864

Details

Name:	00000009.00000002.690899373.0000000000BB0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	BB0000
Size:	913408

Details

Name:	00000009.00000003.666765733.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	36864

Details

Name:	00000009.00000002.689990397.0000000000020000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	00000006.00000002.490671482.0000000005CDE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5CDE000
Size:	8192

Details

Name:	00000009.00000002.691263704.0000000000EF0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	EF0000
Size:	352256

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000009.00000002.690177898.0000000000280000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	280000
Size:	4096

Details

Name:	00000009.00000003.524888053.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	40960

Details

Name:	00000009.00000002.690789448.0000000000800000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	800000
Size:	24576

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000006.00000003.475234070.0000000000300000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	300000
Size:	49152

Details

Name:	00000006.00000002.482893082.000000000039D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	39D000
Size:	12288

Details

Name:	00000009.00000003.565486271.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	40960

Details

Name:	00000009.00000003.565836990.00000000056B2000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56B2000
Size:	40960

Details

Name:	00000009.00000003.487264678.0000000000ED7000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	ED7000
Size:	8192

Details

Name:	00000006.00000003.472452908.0000000000500000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	500000
Size:	24576

Details

Name:	00000009.00000003.492965745.00000000047C5000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C5000
Size:	8192

Details

Name:	00000009.00000003.679056931.00000000001A3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1A3000
Size:	4096

Details

Name:	00000006.00000003.472645490.0000000000598000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	598000
Size:	16384

Details

Name:	00000006.00000003.475290836.0000000000300000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	300000
Size:	16384

Details

Name:	00000009.00000003.659551959.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	36864

Details

Name:	00000009.00000003.682057733.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	36864

Details

Name:	00000006.00000002.482896262.00000000003A0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	3A0000
Size:	24576

Details

Name:	00000006.00000003.475552063.0000000000300000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	300000
Size:	20480

Details

Name:	00000009.00000003.486402241.00000000005CC000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5CC000
Size:	20480

Details

Name:	00000009.00000003.509625127.0000000003AB3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB3000
Size:	8192

Details

Name:	00000009.00000003.587251777.00000000056B2000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56B2000
Size:	139264

Details

Name:	00000009.00000003.674335792.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	36864

Details

Name:	00000006.00000003.478427779.00000000005EE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5EE000
Size:	49152

Details

Name:	00000006.00000002.482726113.0000000000162000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	162000
Size:	4096

Details

Name:	00000006.00000002.482856008.00000000002F6000.00000104.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	2F6000
Size:	8192

Details

Name:	00000009.00000003.583913924.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	36864

Details

Name:	00000009.00000003.482838040.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	12288

Details

Name:	00000006.00000003.474528422.00000000005AE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5AE000
Size:	4096

Details

Name:	00000009.00000003.483284446.00000000004A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4A0000
Size:	28672

Details

Name:	00000009.00000003.591788026.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	40960

Details

Name:	00000006.00000002.485935179.0000000000CD2000.00000020.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	CD2000
Size:	1019904

Details

Name:	00000009.00000003.486727952.00000000006F0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6F0000
Size:	4096

Details

Name:	00000009.00000003.487337442.00000000022F0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22F0000
Size:	16384

Details

Name:	00000006.00000000.471546412.0000000000DCE000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	DCE000
Size:	28672

Details

Name:	00000009.00000003.487212362.0000000000ED8000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	ED8000
Size:	24576

Details

Name:	00000009.00000002.691991153.00000000037A6000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	37A6000
Size:	77824

Details

Name:	00000009.00000003.669783490.00000000001B8000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1B8000
Size:	32768

Details

Name:	00000009.00000003.591808786.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	36864

Details

Name:	00000009.00000003.618602334.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	36864

Details

Name:	00000009.00000003.509630765.0000000003AD4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AD4000
Size:	40960

Details

Name:	00000006.00000002.491647155.0000000006C7E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6C7E000
Size:	8192

Details

Name:	00000009.00000002.690859500.0000000000A17000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	A17000
Size:	24576

Details

Name:	00000006.00000003.472674707.0000000000596000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	596000
Size:	24576

Details

Name:	00000009.00000002.692102789.00000000038AF000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	38AF000
Size:	45056

Details

Name:	00000006.00000002.484094940.000000000065A000.00000040.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	65A000
Size:	4096

Details

Name:	00000009.00000003.486794798.0000000000740000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	740000
Size:	28672

Details

Name:	00000009.00000003.576311342.00000000056B2000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56B2000
Size:	40960

Details

Name:	00000009.00000003.509600450.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	40960

Details

Name:	00000009.00000002.693650066.000000007EFD0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000006.00000002.491779608.000000007EFC2000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000006.00000002.488240829.0000000004970000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4970000
Size:	114688

Details

Name:	00000006.00000002.488208398.00000000047F0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	47F0000
Size:	12288

Details

Name:	00000009.00000003.485926688.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	32768

Details

Name:	00000009.00000003.494700991.0000000003B54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3B54000
Size:	45056

Details

Name:	00000009.00000003.547894033.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	40960

Details

Name:	00000009.00000003.565495490.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	40960

Details

Name:	00000006.00000003.473666917.0000000000640000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	640000
Size:	16384

Details

Name:	00000009.00000003.666707006.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	36864

Details

Name:	00000006.00000000.471565002.000000007EFC0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000003.474507331.00000000005AE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5AE000
Size:	4096

Details

Name:	00000009.00000003.501152875.000000000062D000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	62D000
Size:	4096

Details

Name:	00000006.00000002.491723212.000000007EF36000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EF36000
Size:	4096

Details

Name:	00000009.00000003.483590609.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	16384

Details

Name:	00000009.00000003.486144741.00000000004A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4A0000
Size:	12288

Details

Name:	00000009.00000003.483693178.0000000000497000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	497000
Size:	12288

Details

Name:	00000009.00000002.691244110.0000000000ED0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	ED0000
Size:	65536

Details

Name:	00000009.00000003.659568212.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	36864

Details

Name:	00000009.00000003.482274644.00000000002A5000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A5000
Size:	8192

Details

Name:	00000009.00000002.691159898.0000000000E2E000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	E2E000
Size:	8192

Details

Name:	00000009.00000003.509583962.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	45056

Details

Name:	00000006.00000003.475827324.0000000000310000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	310000
Size:	20480

Details

Name:	00000009.00000003.504838107.00000000056A2000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56A2000
Size:	36864

Details

Name:	00000009.00000003.524898675.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	40960

Details

Name:	00000009.00000003.659460429.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	36864

Details

Name:	00000006.00000000.471555614.000000007EFB0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000002.482785473.0000000000167000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	167000
Size:	4096

Details

Name:	00000006.00000002.491750502.000000007EFB0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000009.00000002.690089400.0000000000202000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	202000
Size:	8192

Details

Name:	00000009.00000003.487291313.0000000000ED6000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	ED6000
Size:	8192

Details

Name:	00000006.00000002.491788662.000000007EFD0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000009.00000002.691213630.0000000000EB4000.00000040.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	EB4000
Size:	110592

Details

Name:	00000009.00000002.691391453.000000000249F000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	249F000
Size:	4096

Details

Name:	00000009.00000003.487121476.0000000000ED0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	ED0000
Size:	45056

Details

Name:	00000006.00000003.472655407.000000000059C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	59C000
Size:	8192

Details

Name:	00000006.00000003.475785738.0000000000300000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	300000
Size:	16384

Details

Name:	00000009.00000003.547949080.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	40960

Details

Name:	00000009.00000003.565475942.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	45056

Details

Name:	00000009.00000003.575940984.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	40960

Details

Name:	00000006.00000002.482446211.000000000013A000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	13A000
Size:	8192

Details

Name:	00000006.00000003.472219533.00000000004F2000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4F2000
Size:	57344

Details

Name:	00000009.00000003.554767082.00000000056C2000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56C2000
Size:	40960

Details

Name:	00000009.00000003.591395395.0000000000635000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	635000
Size:	8192

Details

Name:	00000006.00000002.488564639.0000000004B20000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4B20000
Size:	4096

Details

Name:	00000009.00000002.691894139.0000000002A20000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2A20000
Size:	57344

Details

Name:	00000009.00000002.690564446.00000000005EF000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5EF000
Size:	303104

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000009.00000002.693560729.0000000006BED000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6BED000
Size:	12288

Details

Name:	00000009.00000003.486260996.00000000004A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4A0000
Size:	57344

Details

Name:	00000009.00000003.487141746.0000000000DE8000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	DE8000
Size:	32768

Details

Name:	00000009.00000002.691332270.000000000237F000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	237F000
Size:	4096

Details

Name:	00000006.00000003.478462304.00000000005D2000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5D2000
Size:	20480

Details

Name:	00000009.00000003.489111116.00000000047C9000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C9000
Size:	24576

Details

Name:	00000009.00000003.682100529.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	36864

Details

Name:	00000009.00000003.509565479.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	40960

Details

Name:	00000006.00000003.474478192.0000000000640000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	640000
Size:	45056

Details

Name:	00000009.00000003.565876768.00000000001A3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1A3000
Size:	53248

Details

Name:	00000009.00000003.486115112.0000000000495000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	495000
Size:	4096

Details

Name:	00000009.00000003.516749538.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	40960

Details

Name:	00000006.00000002.490607529.0000000005A8E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5A8E000
Size:	8192

Details

Name:	00000006.00000002.482455774.0000000000150000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	150000
Size:	8192

Details

Name:	00000009.00000003.627258368.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	36864

Details

Name:	00000006.00000002.488410500.0000000004A37000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4A37000
Size:	16384

Details

Name:	00000009.00000002.690427354.0000000000540000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	540000
Size:	16384

Details

Name:	00000009.00000003.483578387.0000000000497000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	497000
Size:	12288

Details

Name:	00000009.00000003.565884116.00000000001B3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1B3000
Size:	53248

Details

Name:	00000009.00000003.533112883.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	40960

Details

Name:	00000009.00000003.634443434.0000000003AD4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AD4000
Size:	36864

Details

Name:	00000009.00000003.482955063.0000000000496000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	496000
Size:	8192

Details

Name:	00000009.00000003.642728782.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	36864

Details

Name:	00000009.00000002.690798900.0000000000810000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	810000
Size:	20480

Details

Name:	00000009.00000003.483810365.0000000000495000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	495000
Size:	12288

Details

Name:	00000009.00000002.691978851.0000000003781000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3781000
Size:	61440

Details

Name:	00000009.00000002.693287644.000000000529C000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	529C000
Size:	16384

Details

Name:	00000009.00000003.486837761.0000000000800000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	800000
Size:	49152

Details

Name:	00000009.00000003.485843690.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	24576

Details

Name:	00000009.00000002.690869089.0000000000A20000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	A20000
Size:	73728

Details

Name:	00000009.00000003.487049863.0000000000D90000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	D90000
Size:	16384

Details

Name:	00000009.00000003.483832630.0000000000496000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	496000
Size:	12288

Details

Name:	00000006.00000000.471423338.0000000000CD2000.00000020.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	CD2000
Size:	1019904

Details

Name:	00000009.00000003.618592401.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	36864

Details

Name:	00000009.00000003.494637117.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	40960

Details

Name:	00000009.00000003.547967677.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	40960

Details

Name:	00000009.00000003.565536544.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	40960

Details

Name:	00000009.00000003.494597446.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	49152

Details

Name:	00000009.00000002.690191635.00000000002A0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	2A0000
Size:	8192

Details

Name:	00000009.00000002.690182604.0000000000290000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	290000
Size:	65536

Details

Name:	00000009.00000003.533123013.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	40960

Details

Name:	00000009.00000002.692376737.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	36864

Details

Name:	00000009.00000003.591838676.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	40960

Details

Name:	00000009.00000002.691946363.0000000002A4E000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2A4E000
Size:	249856

Details

Name:	00000009.00000002.690154614.0000000000242000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	242000
Size:	4096

Details

Name:	00000009.00000002.690826445.00000000009A0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	9A0000
Size:	12288

Details

Name:	00000006.00000002.483749411.00000000005D2000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5D2000
Size:	20480

Details

Name:	00000009.00000003.483553937.0000000000496000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	496000
Size:	4096

Details

Name:	00000009.00000003.679047028.0000000000194000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	194000
Size:	49152

Details

Name:	00000009.00000003.483300868.00000000004B0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B0000
Size:	45056

Details

Name:	00000009.00000002.690483515.0000000000588000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	588000
Size:	262144

Details

Name:	00000009.00000003.642700230.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	36864

Details

Name:	00000009.00000002.690100132.0000000000210000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	210000
Size:	8192

Details

Name:	00000009.00000003.487285133.0000000000ED0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	ED0000
Size:	16384

Details

Name:	00000009.00000003.575958780.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	40960

Details

Name:	00000009.00000002.690290094.0000000000422000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	422000
Size:	430080

Details

Name:	00000009.00000002.691091752.0000000000DA0000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	DA0000
Size:	61440

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000009.00000002.691886469.0000000002A18000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2A18000
Size:	28672

Details

Name:	00000006.00000002.490634433.0000000005B0E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5B0E000
Size:	8192

Details

Name:	00000009.00000003.587274946.0000000000635000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	635000
Size:	16384

Details

Name:	00000009.00000002.690837400.0000000000A00000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	A00000
Size:	28672

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000006.00000002.491556583.00000000066AE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	66AE000
Size:	8192

Details

Name:	00000009.00000003.510506898.0000000000622000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	622000
Size:	36864

Details

Name:	00000009.00000003.486941360.0000000000800000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	800000
Size:	28672

Details

Name:	00000009.00000002.693502034.00000000067DF000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	67DF000
Size:	4096

Details

Name:	00000009.00000003.591830615.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	40960

Details

Name:	00000009.00000002.692138243.00000000038F0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	38F0000
Size:	40960

Details

Name:	00000009.00000002.692069439.000000000386F000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	386F000
Size:	40960

Details

Name:	00000006.00000003.473630686.00000000005AD000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5AD000
Size:	12288

Details

Name:	00000009.00000003.618577361.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	36864

Details

Name:	00000006.00000002.490679907.0000000005DAE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5DAE000
Size:	8192

Details

Name:	00000009.00000002.690042910.0000000000180000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	180000
Size:	57344

Details

Name:	00000009.00000002.692018207.00000000037EF000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	37EF000
Size:	40960

Details

Name:	00000009.00000003.483614896.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	16384

Details

Name:	00000009.00000003.634378298.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	40960

Details

Name:	00000009.00000002.691404123.00000000024A0000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	24A0000
Size:	12288

Details

Name:	00000009.00000003.519159042.00000000047C5000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C5000
Size:	4096

Details

Name:	00000009.00000003.490897138.00000000047C0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C0000
Size:	65536

Details

Name:	00000009.00000003.487271909.0000000000ED0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	ED0000
Size:	16384

Details

Name:	00000009.00000003.524866030.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	8192

Details

Name:	00000006.00000003.472215933.00000000004F0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4F0000
Size:	4096

Details

Name:	00000009.00000002.690034951.0000000000170000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	170000
Size:	8192

Details

Name:	00000009.00000003.540405409.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	40960

Details

Name:	00000009.00000003.483725597.00000000004A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4A0000
Size:	20480

Details

Name:	00000009.00000003.659533172.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	36864

Details

Name:	00000009.00000003.540417448.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	40960

Details

Name:	00000009.00000002.691196413.0000000000E90000.00000040.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	E90000
Size:	16384

Details

Name:	00000009.00000003.575949887.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	40960

Details

Name:	00000009.00000002.691023342.0000000000CEC000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	CEC000
Size:	16384

Details

Name:	00000009.00000003.483792459.0000000000496000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	496000
Size:	16384

Details

Name:	00000006.00000002.483778112.00000000005F3000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5F3000
Size:	32768

Details

Name:	00000006.00000002.490452288.0000000004EA0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4EA0000
Size:	151552

Details

Name:	00000009.00000002.692717936.0000000004DE0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	4DE0000
Size:	4112384

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000002.488617549.0000000004C70000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4C70000
Size:	778240

Details

Name:	00000006.00000002.491741395.000000007EF40000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	7EF40000
Size:	4096

Details

Name:	00000009.00000002.690646997.00000000006E0000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	6E0000
Size:	20480

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000009.00000003.659593549.0000000003AD4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AD4000
Size:	36864

Details

Name:	00000009.00000003.659515861.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	36864

Details

Name:	00000009.00000003.565547425.0000000003AD4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AD4000
Size:	40960

Details

Name:	00000006.00000002.483760604.00000000005DB000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5DB000
Size:	49152

Details

Name:	00000006.00000002.488419147.0000000004A3D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4A3D000
Size:	4096

Details

Name:	00000009.00000002.690260509.0000000000400000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	400000
Size:	4096

Details

Name:	00000006.00000003.472189720.0000000000620000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	620000
Size:	65536

Details

Name:	00000009.00000003.482924023.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	40960

Details

Name:	00000006.00000002.485820237.0000000000960000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	960000
Size:	73728

Details

Name:	00000006.00000003.477264994.0000000006440000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6440000
Size:	4096

Details

Name:	00000009.00000003.489021954.00000000049D0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	49D0000
Size:	53248

Details

Name:	00000009.00000002.693492670.0000000006440000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6440000
Size:	4096

Details

Name:	00000009.00000003.533086396.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	40960

Details

Name:	00000009.00000003.669746306.000000000018D000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	18D000
Size:	40960

Details

Name:	00000009.00000002.690661319.00000000006F0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	6F0000
Size:	4096

Details

Name:	00000006.00000003.472207781.0000000000500000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	500000
Size:	65536

Details

Name:	00000009.00000002.690418025.000000000053D000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	53D000
Size:	12288

Details

Name:	00000009.00000003.483054530.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	65536

Details

Name:	00000009.00000003.487195851.00000000022F0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22F0000
Size:	24576

Details

Name:	00000009.00000003.482282088.00000000002A1000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A1000
Size:	12288

Details

Name:	00000006.00000003.478526344.00000000047D0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47D0000
Size:	65536

Details

Name:	00000009.00000003.618563814.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	36864

Details

Name:	00000009.00000003.501815735.0000000000622000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	622000
Size:	36864

Details

Name:	00000006.00000002.485762322.00000000007D0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7D0000
Size:	24576

Details

Name:	00000009.00000003.482293336.00000000002A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	32768

Details

Name:	00000009.00000003.494575452.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	40960

Details

Name:	00000009.00000003.501143313.0000000000622000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	622000
Size:	40960

Details

Name:	00000009.00000003.487495224.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	40960

Details

Name:	00000009.00000003.487278301.0000000000ED5000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	ED5000
Size:	8192

Details

Name:	00000009.00000002.691445743.0000000002781000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2781000
Size:	1024000

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000006.00000002.486489214.0000000002270000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	2270000
Size:	913408

Details

Name:	00000009.00000003.494687801.0000000003B34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3B34000
Size:	45056

Details

Name:	00000009.00000003.642719737.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	40960

Details

Name:	00000009.00000003.483784743.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	16384

Details

Name:	00000009.00000003.494583565.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	45056

Details

Name:	00000006.00000002.486858974.00000000023A0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	23A0000
Size:	16384

Details

Name:	00000009.00000003.516731490.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	40960

Details

Name:	00000006.00000002.488191260.0000000004750000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4750000
Size:	4096

Details

Name:	00000006.00000002.482929753.00000000003B0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	3B0000
Size:	4096

Details

Name:	00000009.00000002.692647158.0000000004C9E000.00000104.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	4C9E000
Size:	4096

Details

Name:	00000009.00000002.690718899.0000000000740000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	740000
Size:	53248

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000006.00000002.486410433.0000000002252000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2252000
Size:	12288

Details

Name:	00000009.00000003.524836584.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	40960

Details

Name:	00000006.00000002.484100129.0000000000677000.00000040.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	677000
Size:	4096

Details

Name:	00000009.00000003.583946855.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	40960

Details

Name:	00000009.00000003.483703609.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	40960

Details

Name:	00000009.00000002.691004471.0000000000C90000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	C90000
Size:	86016

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000006.00000003.478389054.00000000005E7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5E7000
Size:	77824

Details

Name:	00000009.00000003.483292269.00000000004A8000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4A8000
Size:	32768

Details

Name:	00000009.00000003.583902778.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	40960

Details

Name:	00000006.00000002.482316173.0000000000050000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	00000009.00000003.490882894.00000000049D0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	49D0000
Size:	4096

Details

Name:	00000009.00000003.492695784.00000000047C8000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C8000
Size:	32768

Details

Name:	00000009.00000003.545793500.000000000018D000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	18D000
Size:	12288

Details

Name:	00000009.00000003.483632598.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	45056

Details

Name:	00000009.00000002.692086158.000000000388F000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	388F000
Size:	40960

Details

Name:	00000009.00000003.540454280.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	40960

Details

Name:	00000006.00000002.490509026.0000000004EC9000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4EC9000
Size:	110592

Details

Name:	00000009.00000003.545812999.00000000001A3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1A3000
Size:	53248

Details

Name:	00000009.00000002.693338022.00000000056A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	56A0000
Size:	208896

Details

Name:	00000006.00000002.485681421.000000000078E000.00000104.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	78E000
Size:	4096

Details

Name:	00000009.00000002.690079338.00000000001B3000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	1B3000
Size:	49152

Details

Name:	00000009.00000003.486823680.0000000000758000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	758000
Size:	32768

Details

Name:	00000009.00000003.591802228.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	36864

Details

Name:	00000006.00000003.474450329.0000000000640000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	640000
Size:	49152

Details

Name:	00000006.00000002.483578033.0000000000568000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	568000
Size:	221184

Details

Name:	00000009.00000002.693473093.00000000062EE000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	62EE000
Size:	8192

Details

Name:	00000009.00000003.682065752.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	36864

Details

Name:	00000009.00000002.693395060.0000000005920000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5920000
Size:	4096

Details

Name:	00000006.00000002.488570582.0000000004B3D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4B3D000
Size:	8192

Details

Name:	00000009.00000003.509573562.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	45056

Details

Name:	00000009.00000003.547916089.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	45056

Details

Name:	00000009.00000002.691105544.0000000000DB0000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	DB0000
Size:	65536

Details

Name:	00000009.00000002.690231789.00000000003C0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	3C0000
Size:	28672

Details

Name:	00000009.00000003.627226341.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	36864

Details

Name:	00000009.00000003.682089209.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	36864

Details

Name:	00000009.00000003.483677766.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	24576

Details

Name:	00000009.00000002.690410163.00000000004FE000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4FE000
Size:	4096

Details

Name:	00000009.00000003.591366389.00000000056B2000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56B2000
Size:	40960

Details

Name:	00000009.00000003.482725918.00000000006E0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6E0000
Size:	28672

Details

Name:	00000006.00000003.472235103.0000000000490000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	53248

Details

Name:	00000009.00000003.489880646.00000000047C0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C0000
Size:	24576

Details

Name:	00000009.00000003.486250103.00000000004A6000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4A6000
Size:	8192

Details

Name:	00000006.00000002.488385850.0000000004A1D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4A1D000
Size:	65536

Details

Name:	00000009.00000003.618621208.0000000003AF4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AF4000
Size:	36864

Details

Name:	00000009.00000003.510002485.00000000056A2000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56A2000
Size:	40960

Details

Name:	00000009.00000003.666793713.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	36864

Details

Name:	00000009.00000003.634416588.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	36864

Details

Name:	00000009.00000003.674313993.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	36864

Details

Name:	00000009.00000002.691135916.0000000000DD0000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	DD0000
Size:	40960

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000009.00000003.618608874.0000000003AD4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AD4000
Size:	36864

Details

Name:	00000009.00000002.693602876.000000007EFB0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000009.00000003.494658898.0000000003AD4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AD4000
Size:	40960

Details

Name:	00000009.00000003.486986302.0000000000800000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	800000
Size:	20480

Details

Name:	00000009.00000002.692578468.00000000049D0000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	49D0000
Size:	16384

Details

Name:	00000009.00000003.519265966.00000000047C0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C0000
Size:	20480

Details

Name:	00000009.00000003.565505570.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	40960

Details

Name:	00000009.00000003.485857976.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	32768

Details

Name:	00000009.00000000.480148159.000000007EFC2000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000009.00000002.691079104.0000000000D90000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	D90000
Size:	36864

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000006.00000002.486402319.0000000002230000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2230000
Size:	4096

Details

Name:	00000009.00000003.674248583.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	40960

Details

Name:	00000009.00000003.486952563.0000000000808000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	808000
Size:	32768

Details

Name:	00000009.00000003.482916892.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	16384

Details

Name:	00000006.00000003.474361656.0000000000640000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	640000
Size:	65536

Details

Name:	00000006.00000002.488331043.00000000049F6000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	49F6000
Size:	8192

Details

Name:	00000006.00000002.483060747.0000000000490000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	490000
Size:	12288

Details

Name:	00000009.00000003.492686545.00000000047C0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C0000
Size:	28672

Details

Name:	00000006.00000003.473618307.00000000005A3000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5A3000
Size:	40960

Details

Name:	00000009.00000002.690750700.0000000000757000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	757000
Size:	36864

Details

Name:	00000009.00000002.690129921.000000000022A000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	22A000
Size:	8192

Details

Name:	00000009.00000003.492936225.00000000047C0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C0000
Size:	16384

Details

Name:	00000009.00000002.693697445.000000007EFE0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000009.00000003.642737224.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	36864

Details

Name:	00000006.00000003.472708043.0000000000596000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	596000
Size:	24576

Details

Name:	00000006.00000003.472266371.0000000000470000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	470000
Size:	65536

Details

Name:	00000009.00000003.524929753.0000000003AD4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AD4000
Size:	40960

Details

Name:	00000009.00000003.524872252.0000000003A23000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A23000
Size:	4096

Details

Name:	00000009.00000003.483717272.000000000049C000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	49C000
Size:	16384

Details

Name:	00000009.00000003.627189510.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	36864

Details

Name:	00000009.00000003.492723067.00000000047C0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C0000
Size:	20480

Details

Name:	00000009.00000002.693427101.0000000005CB0000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	5CB0000
Size:	4096

Details

Name:	00000009.00000003.487306331.000000000060E000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	60E000
Size:	8192

Details

Name:	00000009.00000003.575924793.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	40960

Details

Name:	00000006.00000002.486870984.0000000002681000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2681000
Size:	40960

Details

Name:	00000009.00000003.565847310.00000000056C2000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56C2000
Size:	40960

Details

Name:	00000006.00000002.482886655.0000000000300000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	300000
Size:	16384

Details

Name:	00000009.00000002.690532668.00000000005D7000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5D7000
Size:	94208

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000006.00000002.488296340.00000000049D4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	49D4000
Size:	90112

Details

Name:	00000009.00000002.693278657.000000000525E000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	525E000
Size:	8192

Details

Name:	00000009.00000003.494605714.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	45056

Details

Name:	00000009.00000002.692354167.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	40960

Details

Name:	00000009.00000003.682037686.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	40960

Details

Name:	00000009.00000002.692626089.0000000004B8C000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4B8C000
Size:	16384

Details

Name:	00000009.00000002.690124871.0000000000226000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	226000
Size:	8192

Details

Name:	00000006.00000002.483821020.0000000000640000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	640000
Size:	28672

Details

Name:	00000006.00000002.488217876.00000000047F5000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	47F5000
Size:	45056

Details

Name:	00000009.00000003.487134044.0000000000DE0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	DE0000
Size:	28672

Details

Name:	00000006.00000000.471414758.0000000000CD0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	CD0000
Size:	4096

Details

Name:	00000006.00000003.472256549.0000000000480000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	65536

Details

Name:	00000009.00000003.489129690.00000000049D0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	49D0000
Size:	16384

Details

Name:	00000009.00000002.692055839.000000000384F000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	384F000
Size:	40960

Details

Name:	00000006.00000002.483299997.0000000000520000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	520000
Size:	16384

Details

Name:	00000009.00000003.486929033.0000000000A00000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	A00000
Size:	45056

Details

Name:	00000009.00000003.575914277.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	45056

Details

Name:	00000006.00000002.483788007.0000000000620000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	620000
Size:	65536

Details

Name:	00000009.00000002.691058748.0000000000D40000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	D40000
Size:	53248

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000009.00000003.516721460.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	40960

Details

Name:	00000009.00000003.545799253.0000000000191000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	191000
Size:	61440

Details

Name:	00000006.00000002.483692366.000000000059F000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	59F000
Size:	176128

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	00000009.00000003.627238595.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	36864

Details

Name:	00000009.00000003.504803693.0000000000622000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	622000
Size:	36864

Details

Name:	00000009.00000002.690441314.0000000000564000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	564000
Size:	118784

Details

Name:	00000009.00000003.486831636.0000000000A00000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	A00000
Size:	4096

Details

Name:	00000009.00000002.691037544.0000000000CF5000.00000040.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	CF5000
Size:	4096

Details

Name:	00000006.00000002.485814796.0000000000950000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	950000
Size:	12288

Details

Name:	00000006.00000002.488233076.000000000496E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	496E000
Size:	8192

Details

Name:	00000009.00000003.634406901.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	36864

Details

Name:	00000006.00000002.488350852.00000000049F9000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	49F9000
Size:	4096

Details

Name:	00000006.00000002.482461476.0000000000152000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	152000
Size:	36864

Details

Name:	00000009.00000003.682075900.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	36864

Details

Name:	00000006.00000002.485861377.0000000000C1D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	C1D000
Size:	12288

Details

Name:	00000009.00000002.691325484.000000000233C000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	233C000
Size:	16384

Details

Name:	00000009.00000003.591795037.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	40960

Details

Name:	00000009.00000003.482267763.00000000002A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	16384

Details

Name:	00000009.00000003.486847521.0000000000740000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	740000
Size:	65536

Details

Name:	00000009.00000003.576325404.0000000000635000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	635000
Size:	16384

Details

Name:	00000009.00000002.690251840.00000000003F0000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	3F0000
Size:	16384

Details

Name:	00000006.00000003.472463496.00000000004F0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4F0000
Size:	65536

Details

Name:	00000006.00000003.472615616.000000000059C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	59C000
Size:	118784

Details

Name:	00000006.00000002.483842918.0000000000650000.00000040.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	650000
Size:	28672

Details

Name:	00000006.00000000.471560190.000000007EFB2000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000009.00000003.482326108.00000000002A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	20480

Details

Name:	00000009.00000003.642757029.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	36864

Details

Name:	00000009.00000003.487327341.00000000022F0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22F0000
Size:	16384

Details

Name:	00000009.00000003.533096532.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	45056

Details

Name:	00000006.00000002.482442002.0000000000132000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	132000
Size:	8192

Details

Name:	00000006.00000000.471573684.000000007EFD0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000009.00000003.674201349.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	36864

Details

Name:	00000009.00000002.693461032.000000000606E000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	606E000
Size:	8192

Details

Name:	00000009.00000003.642709645.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	40960

Details

Name:	00000006.00000002.482826322.00000000001A0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1A0000
Size:	57344

Details

Name:	00000009.00000003.591401097.0000000000638000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	638000
Size:	4096

Details

Name:	00000006.00000002.487122919.0000000002738000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2738000
Size:	2904064

Details

Name:	00000009.00000003.591386753.00000000056C2000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56C2000
Size:	40960

Details

Name:	00000009.00000003.482794669.00000000004B0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B0000
Size:	65536

Details

Name:	00000006.00000002.490660114.0000000005C4D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5C4D000
Size:	12288

Details

Name:	00000009.00000003.519206250.00000000047C0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C0000
Size:	28672

Details

Name:	00000009.00000003.511137664.00000000056A2000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56A2000
Size:	40960

Details

Name:	00000009.00000003.583886028.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	36864

Details

Name:	00000006.00000002.491622217.000000000697F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	697F000
Size:	4096

Details

Name:	00000006.00000002.482821885.000000000018B000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	18B000
Size:	4096

Details

Name:	00000009.00000002.692119609.00000000038D0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	38D0000
Size:	40960

Details

Name:	00000006.00000002.486393022.0000000000DCE000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	DCE000
Size:	28672

Details

Name:	00000009.00000003.483547547.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	16384

Details

Name:	00000006.00000003.474554866.00000000005A5000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5A5000
Size:	32768

Details

Name:	00000009.00000003.482260641.00000000003C0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3C0000
Size:	16384

Details

Name:	00000009.00000002.690029113.0000000000160000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	160000
Size:	4096

Details

Name:	00000009.00000002.691206081.0000000000E97000.00000040.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	E97000
Size:	4096

Details

Name:	00000009.00000002.690632566.0000000000648000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	648000
Size:	4096

Details

Name:	00000009.00000003.682026836.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	36864

Details

Name:	00000009.00000002.693482586.000000000643E000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	643E000
Size:	8192

Details

Name:	00000009.00000003.524878129.0000000003A34000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A34000
Size:	40960

Details

Name:	00000006.00000002.482330340.00000000000F0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	F0000
Size:	4096

Details

Name:	00000006.00000002.488578961.0000000004C30000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4C30000
Size:	4096

Details

Name:	00000009.00000003.494718194.0000000003B74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3B74000
Size:	45056

Details

Name:	00000009.00000002.693296014.00000000053CE000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	53CE000
Size:	8192

Details

Name:	00000009.00000000.480156692.000000007EFD0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000009.00000003.483778000.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	20480

Details

Name:	00000009.00000003.487312842.0000000000615000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	615000
Size:	4096

Details

Name:	00000009.00000002.690780184.0000000000782000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	782000
Size:	16384

Details

Name:	00000009.00000003.482842775.0000000000494000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	494000
Size:	49152

Details

Name:	00000009.00000002.693327784.000000000567B000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	567B000
Size:	20480

Details

Name:	00000006.00000002.488182379.000000000474C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	474C000
Size:	16384

Details

Name:	00000009.00000003.483559697.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	24576

Details

Name:	00000006.00000002.491610842.000000000697E000.00000104.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	697E000
Size:	4096

Details

Name:	00000009.00000003.565864192.000000000018D000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	18D000
Size:	8192

Details

Name:	00000009.00000003.659495814.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	40960

Details

Name:	00000006.00000002.488266117.00000000049A8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	49A8000
Size:	151552

Details

Name:	00000006.00000002.485917406.0000000000C6C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	C6C000
Size:	16384

Details

Name:	00000009.00000003.666727360.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	40960

Details

Name:	00000009.00000003.483737820.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	45056

Details

Name:	00000006.00000002.482924170.00000000003A9000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	3A9000
Size:	28672

Details

Name:	00000009.00000003.486186126.00000000004A5000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4A5000
Size:	4096

Details

Name:	00000009.00000003.575895550.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	40960

Details

Name:	00000006.00000003.477234164.0000000006440000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6440000
Size:	4096

Details

Name:	00000006.00000002.483287508.00000000004EE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4EE000
Size:	8192

Details

Name:	00000009.00000002.691415430.00000000024A6000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	24A6000
Size:	24576

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000009.00000003.486072097.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	16384

Details

Name:	00000006.00000003.475687485.0000000000300000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	300000
Size:	49152

Details

Name:	00000009.00000003.485601853.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	20480

Details

Name:	00000006.00000002.490249518.0000000004DF0000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	4DF0000
Size:	552960

Details

Name:	00000006.00000002.483292015.00000000004F0000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	4F0000
Size:	36864

Details

Name:	00000006.00000003.475358476.0000000000300000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	300000
Size:	49152

Details

Name:	00000006.00000002.482973209.0000000000450000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	450000
Size:	65536

Details

Name:	00000009.00000003.547937875.0000000003A54000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A54000
Size:	40960

Details

Name:	00000006.00000003.474567969.0000000000308000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	308000
Size:	4096

Details

Name:	00000006.00000002.491583787.00000000067CE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	67CE000
Size:	8192

Details

Name:	00000009.00000003.482313746.00000000002A0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	4096

Details

Name:	00000009.00000002.690149845.000000000023C000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	23C000
Size:	4096

Details

Name:	00000009.00000003.666780769.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	36864

Details

Name:	00000009.00000003.533145514.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	40960

Details

Name:	00000009.00000003.669774341.00000000001A8000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1A8000
Size:	61440

Details

Name:	00000009.00000003.674223007.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	40960

Details

Name:	00000009.00000002.690434591.0000000000547000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	547000
Size:	8192

Details

Name:	00000009.00000003.627174789.0000000003A13000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A13000
Size:	40960

Details

Name:	00000009.00000003.519121160.00000000047C0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C0000
Size:	40960

Details

Name:	00000009.00000002.693531785.0000000006AD2000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	6AD2000
Size:	16384

Details

Name:	00000009.00000002.690139504.0000000000232000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	232000
Size:	4096

Details

Name:	00000009.00000002.690095164.000000000020A000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	20A000
Size:	8192

Details

Name:	00000009.00000003.547957943.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	40960

Details

Name:	00000009.00000003.634425192.0000000003A94000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A94000
Size:	36864

Details

Name:	00000009.00000002.690069502.00000000001A3000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	1A3000
Size:	49152

Details

Name:	00000006.00000003.473674728.0000000000630000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	630000
Size:	65536

Details

Name:	00000006.00000003.474517955.00000000005A7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5A7000
Size:	24576

Details

Name:	00000006.00000002.482300752.0000000000010000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	00000009.00000002.690737139.0000000000750000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	750000
Size:	24576

Details

Name:	00000009.00000002.690771396.0000000000764000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	764000
Size:	4096

Details

Name:	00000009.00000003.483798210.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	16384

Details

Name:	00000009.00000002.692593925.0000000004A1E000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4A1E000
Size:	8192

Details

Name:	00000009.00000003.483753090.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	16384

Details

Name:	00000009.00000003.486191278.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	28672

Details

Name:	00000009.00000003.507972473.00000000056A2000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56A2000
Size:	40960

Details

Name:	00000009.00000002.690010013.00000000000BA000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	BA000
Size:	24576

Details

Name:	00000009.00000002.690764134.0000000000760000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	760000
Size:	4096

Details

Name:	00000009.00000003.565465090.00000000039F3000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39F3000
Size:	45056

Details

Name:	00000006.00000002.482881091.00000000002F8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2F8000
Size:	32768

Details

Name:	00000009.00000003.487360098.00000000022F0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22F0000
Size:	65536

Details

Name:	00000009.00000003.679040987.000000000018D000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	18D000
Size:	8192

Details

Name:	00000006.00000003.474537965.00000000005A7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5A7000
Size:	24576

Details

Name:	00000006.00000002.482811932.000000000017A000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	17A000
Size:	4096

Details

Name:	00000009.00000003.666810065.0000000003AB4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3AB4000
Size:	36864

Details

Name:	00000009.00000003.483666429.0000000000490000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	16384

Details

Name:	00000009.00000003.519148462.00000000047C0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	47C0000
Size:	16384

Details

Name:	00000006.00000002.485884792.0000000000C20000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	C20000
Size:	8192

Details

Name:	00000009.00000002.691070386.0000000000D8E000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	D8E000
Size:	8192

Details

Name:	00000009.00000003.511713148.00000000056A2000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	56A2000
Size:	40960

Details

Name:	00000006.00000002.483742791.00000000005CB000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5CB000
Size:	16384

Details

Name:	00000009.00000002.690849927.0000000000A10000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	A10000
Size:	16384

Details

Name:	00000009.00000002.691381133.000000000249E000.00000104.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	249E000
Size:	4096

Details

Name:	00000009.00000002.692562534.00000000048ED000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	48ED000
Size:	8192

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000009.00000003.509607692.0000000003A74000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A74000
Size:	40960

Details

Name:	00000009.00000003.618535942.00000000039D4000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39D4000
Size:	36864

Details

Name:	00000009.00000003.486688438.00000000004B7000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B7000
Size:	8192

Details

Name:	00000009.00000002.690159160.0000000000247000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	247000
Size:	4096

Details

Name:	00000009.00000003.487345180.000000000060A000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	60A000
Size:	16384

Details

Name:	00000006.00000003.472514323.00000000004A0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4A0000
Size:	8192

Details

Name:	00000006.00000002.483357458.0000000000544000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	544000
Size:	118784

Details

Name:	00000009.00000002.690145169.000000000023A000.00000040.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	23A000
Size:	4096

Details

Name:	00000009.00000002.690522836.00000000005C9000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5C9000
Size:	32768

Details

Name:	00000009.00000003.487319473.0000000000609000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	609000
Size:	20480

Details

Name:	00000009.00000003.565856100.0000000000635000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	635000
Size:	16384

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps