Automated Malware Analysis IOC Report for

Details

Name:	0000000E.00000002.523014987.00000000032D9000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	32D9000
Size:	495616

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Found malware configuration	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000011.00000002.528139712.0000000002231000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2231000
Size:	237568

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000010.00000002.525259528.0000000003549000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3549000
Size:	495616

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	0000000E.00000002.522978296.00000000022D1000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	22D1000
Size:	237568

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	0000000C.00000002.515854316.000000000223D000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	223D000
Size:	2011136

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM3	Malware Analysis System Evasion
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion	Security Software Discovery
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	00000010.00000002.525186411.0000000002541000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2541000
Size:	237568

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000004.00000002.690682289.00000000006C0000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	6C0000
Size:	102400

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Installs a raw input device (often for capturing keystrokes)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Yara signature match	System Summary

Details

Name:	0000000A.00000002.511286759.0000000003289000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3289000
Size:	2617344

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000004.00000002.690383308.0000000000402000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	402000
Size:	118784

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	0000000C.00000002.516689891.0000000003209000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3209000
Size:	2617344

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000011.00000002.528229678.0000000003239000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3239000
Size:	495616

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000003.00000002.477879710.000000000249D000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	249D000
Size:	2011136

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM3	Malware Analysis System Evasion
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	0000000A.00000002.510442930.00000000022BD000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	22BD000
Size:	2011136

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM3	Malware Analysis System Evasion
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	00000004.00000002.694158728.0000000003479000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3479000
Size:	270336

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	0000000E.00000002.522489862.0000000000402000.00000040.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	402000
Size:	118784

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000003.00000002.479035033.0000000003469000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3469000
Size:	2617344

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000011.00000002.527221961.0000000000402000.00000040.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	402000
Size:	118784

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000010.00000002.524484369.0000000000402000.00000040.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	402000
Size:	118784

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	0000000B.00000002.513705045.00000000032A9000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	32A9000
Size:	2617344

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	0000000B.00000002.512977056.00000000022DD000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	22DD000
Size:	2011136

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM3	Malware Analysis System Evasion
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	00000004.00000002.691609233.0000000002431000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2431000
Size:	327680

Signature Hits	Behavior Group	Mitre Attack
Yara detected Nanocore RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality

Details

Name:	0000000A.00000003.504039070.00000000004C0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4C0000
Size:	61440

Details

Name:	00000003.00000002.477074026.0000000000514000.00000004.00000020.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	514000
Size:	110592

Details

Name:	0000000C.00000002.518136302.000000007EFC0000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	0000000E.00000002.523091215.0000000004730000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	4730000
Size:	913408

Details

Name:	00000004.00000002.696046846.000000007EFD0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000011.00000003.514285728.00000000003E0000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	49152

Details

Name:	00000004.00000003.535316885.000000000633B000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	633B000
Size:	4096

Details

Name:	0000000C.00000002.515123074.0000000000757000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	757000
Size:	8192

Details

Name:	00000003.00000000.471802467.000000007EFC2000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000004.00000003.532885078.000000000633B000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	633B000
Size:	4096

Details

Name:	00000010.00000000.509623948.0000000000BE0000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	00000004.00000003.532872858.000000000632C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	632C000
Size:	36864

Details

Name:	0000000A.00000002.510199982.0000000001FEC000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1FEC000
Size:	16384

Details

Name:	0000000A.00000000.488538483.000000007EFC0000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000004.00000002.694782360.0000000004BAF000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4BAF000
Size:	4096

Details

Name:	0000000D.00000000.507513783.000000007EFC2000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	0000000C.00000002.517546873.00000000043A4000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	43A4000
Size:	4096

Details

Name:	0000000B.00000002.514959733.00000000050A0000.00000004.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	50A0000
Size:	430080

Details

Name:	00000003.00000002.477296163.0000000000899000.00000004.00000040.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	899000
Size:	24576

Details

Name:	00000004.00000002.690450004.00000000004CE000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4CE000
Size:	8192

Details

Name:	0000000A.00000002.509502266.00000000005D0000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	5D0000
Size:	24576

Details

Name:	0000000A.00000002.509823754.00000000009A6000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	9A6000
Size:	4096

Details

Name:	00000004.00000002.690929363.00000000007B0000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	7B0000
Size:	20480

Details

Name:	00000004.00000003.485838420.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	20480

Details

Name:	0000000E.00000002.523319200.000000000555E000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	555E000
Size:	8192

Details

Name:	0000000D.00000002.508037808.000000007EFC2000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000011.00000002.527650980.0000000000997000.00000004.00000040.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	997000
Size:	4096

Details

Name:	00000004.00000003.548410948.00000000022D0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22D0000
Size:	8192

Details

Name:	0000000E.00000003.509659242.0000000000610000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	610000
Size:	16384

Details

Name:	00000010.00000000.509842293.000000007EFC2000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000003.00000003.474463791.00000000008F0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	8F0000
Size:	65536

Details

Name:	0000000C.00000002.514466651.0000000000150000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	150000
Size:	8192

Details

Name:	00000004.00000002.695960469.000000000771D000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	771D000
Size:	12288

Details

Name:	00000004.00000002.695859529.000000000652D000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	652D000
Size:	12288

Details

Name:	00000004.00000003.502010797.0000000006301000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6301000
Size:	262144

Details

Name:	0000000E.00000002.523367036.000000007EFC2000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000011.00000002.527839722.0000000000BE0000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	00000004.00000003.504054872.0000000000790000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	790000
Size:	20480

Details

Name:	00000011.00000003.513971836.00000000003E6000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E6000
Size:	40960

Details

Name:	0000000B.00000003.504794797.00000000003D0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3D0000
Size:	28672

Details

Name:	0000000C.00000002.515757825.0000000002201000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2201000
Size:	237568

Details

Name:	00000003.00000002.480399081.000000007EFC0000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000004.00000002.690458011.00000000004D0000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4D0000
Size:	16384

Details

Name:	0000000A.00000003.508584798.0000000004B70000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B70000
Size:	434176

Details

Name:	00000004.00000002.694103656.0000000003431000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3431000
Size:	73728

Details

Name:	00000004.00000002.690705679.00000000006E0000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	6E0000
Size:	16384

Details

Name:	00000004.00000002.694812636.000000000507E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	507E000
Size:	8192

Details

Name:	0000000B.00000002.514916315.0000000004F30000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4F30000
Size:	4096

Details

Name:	00000004.00000003.477338216.0000000000460000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	460000
Size:	65536

Details

Name:	00000004.00000002.690466909.00000000004D7000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4D7000
Size:	8192

Details

Name:	0000000A.00000002.513005004.0000000004872000.00000004.00000040.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4872000
Size:	8192

Details

Name:	00000004.00000000.476023315.0000000000912000.00000020.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	912000
Size:	602112

Details

Name:	00000011.00000002.526691476.0000000000010000.00000004.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	00000003.00000002.477263596.00000000006E0000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	6E0000
Size:	20480

Details

Name:	00000009.00000000.486217637.000007FFFFFC2000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFC2000
Size:	4096

Details

Name:	00000009.00000002.691415375.000007FFFFFC2000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFC2000
Size:	4096

Details

Name:	0000000B.00000002.510890799.00000000002A0000.00000004.00000040.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2A0000
Size:	24576

Details

Name:	00000003.00000002.477086581.0000000000530000.00000004.00000020.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	530000
Size:	12288

Details

Name:	0000000F.00000001.509360841.0000000000BE0000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	00000004.00000002.694876859.00000000053B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	53B0000
Size:	4096

Details

Name:	0000000A.00000002.513349503.0000000004F70000.00000004.00000040.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4F70000
Size:	8192

Details

Name:	0000000B.00000000.490185189.000000007EFD0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000004.00000002.691107669.0000000000910000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	910000
Size:	4096

Details

Name:	00000009.00000002.691312959.0000000002995000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2995000
Size:	4096

Details

Name:	00000011.00000002.527426140.0000000000860000.00000004.00000020.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	860000
Size:	12288

Details

Name:	00000010.00000003.510606213.0000000000240000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	240000
Size:	24576

Details

Name:	0000000A.00000002.509194826.00000000002DB000.00000040.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2DB000
Size:	4096

Details

Name:	0000000E.00000002.522124410.0000000000050000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	0000000E.00000000.508441038.000000007EFC0000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	0000000A.00000002.509061083.0000000000010000.00000004.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	0000000D.00000002.508030414.000000007EFC0000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000004.00000003.483027853.00000000005A1000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5A1000
Size:	69632

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	00000004.00000003.484517853.0000000000470000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	470000
Size:	8192

Details

Name:	00000004.00000003.500213245.0000000006301000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6301000
Size:	356352

Details

Name:	0000000C.00000002.517916971.0000000005000000.00000040.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	5000000
Size:	4096

Details

Name:	00000011.00000002.528505845.000000000496E000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	496E000
Size:	8192

Details

Name:	00000004.00000002.696039830.000000007EFC2000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	0000000B.00000002.514856172.0000000004E20000.00000004.00000040.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4E20000
Size:	8192

Details

Name:	00000011.00000003.514323410.00000000003E0000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	28672

Details

Name:	00000004.00000003.504524800.00000000007C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7C0000
Size:	49152

Details

Name:	0000000B.00000002.510849786.000000000028D000.00000040.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	28D000
Size:	4096

Details

Name:	0000000A.00000002.513296162.0000000004E3C000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4E3C000
Size:	8192

Details

Name:	0000000C.00000003.506267640.00000000004B7000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B7000
Size:	36864

Details

Name:	00000004.00000003.490100668.0000000000790000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	790000
Size:	20480

Details

Name:	00000004.00000003.483036417.000000000057D000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	57D000
Size:	147456

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	0000000E.00000002.522972798.00000000022CF000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	22CF000
Size:	4096

Details

Name:	0000000B.00000003.502502724.00000000009D0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	9D0000
Size:	65536

Details

Name:	0000000A.00000002.509172427.000000000027D000.00000040.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	27D000
Size:	4096

Details

Name:	0000000A.00000003.504812288.00000000003D0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3D0000
Size:	28672

Details

Name:	00000004.00000003.548969190.00000000022B8000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B8000
Size:	16384

Details

Name:	0000000A.00000003.499246761.00000000004C0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4C0000
Size:	24576

Details

Name:	0000000B.00000002.512460167.0000000000B44000.00000004.00000040.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	B44000
Size:	4096

Details

Name:	0000000A.00000002.512942016.000000000481F000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	481F000
Size:	4096

Details

Name:	00000011.00000003.512275080.0000000000350000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	350000
Size:	16384

Details

Name:	00000004.00000003.477468625.0000000000450000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	450000
Size:	4096

Details

Name:	00000009.00000002.691337018.0000000002AFF000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2AFF000
Size:	4096

Details

Name:	0000000E.00000000.508127216.0000000000910000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	910000
Size:	4096

Details

Name:	0000000A.00000003.502717681.00000000004C0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4C0000
Size:	16384

Details

Name:	00000004.00000002.695763375.0000000006200000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6200000
Size:	4096

Details

Name:	00000004.00000003.485879593.0000000000780000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	780000
Size:	12288

Details

Name:	00000011.00000002.526759102.0000000000163000.00000040.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	163000
Size:	4096

Details

Name:	0000000A.00000002.509372396.00000000004D0000.00000004.00000020.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4D0000
Size:	16384

Details

Name:	0000000A.00000002.509433095.0000000000510000.00000004.00000020.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	510000
Size:	8192

Details

Name:	00000004.00000002.695914869.0000000006F8D000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6F8D000
Size:	12288

Details

Name:	00000004.00000002.695801194.0000000006321000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6321000
Size:	143360

Details

Name:	00000004.00000003.535900742.000000000633B000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	633B000
Size:	4096

Details

Name:	00000004.00000003.477289692.0000000000450000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	450000
Size:	8192

Details

Name:	00000010.00000000.509811156.0000000000C76000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	C76000
Size:	4096

Details

Name:	0000000A.00000002.513483540.000000000AC5E000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	AC5E000
Size:	8192

Details

Name:	00000004.00000002.690999429.0000000000834000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	834000
Size:	49152

Details

Name:	00000003.00000002.479538495.000000000492E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	492E000
Size:	8192

Details

Name:	0000000B.00000002.511748753.0000000000500000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	500000
Size:	65536

Details

Name:	0000000C.00000002.515218499.00000000007B6000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	7B6000
Size:	172032

Details

Name:	00000004.00000002.694801669.000000000502C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	502C000
Size:	16384

Details

Name:	00000003.00000002.477127760.00000000005F0000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	5F0000
Size:	913408

Details

Name:	00000004.00000002.695874256.00000000066AC000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	66AC000
Size:	16384

Details

Name:	00000004.00000002.690336389.0000000000290000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	290000
Size:	28672

Details

Name:	00000004.00000003.549042618.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	12288

Details

Name:	00000003.00000002.476959147.00000000000A0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	A0000
Size:	8192

Details

Name:	00000004.00000003.505413678.0000000004440000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4440000
Size:	20480

Details

Name:	00000003.00000002.479463418.0000000004860000.00000004.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	4860000
Size:	430080

Details

Name:	00000004.00000002.690319264.0000000000270000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	270000
Size:	65536

Details

Name:	00000004.00000002.694381828.000000000364A000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	364A000
Size:	36864

Details

Name:	0000000A.00000002.513591544.000000007EFD0000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	0000000B.00000002.512374780.0000000000A1C000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	A1C000
Size:	16384

Details

Name:	0000000F.00000000.509263884.000000007EFB0000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000004.00000003.485169920.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	20480

Details

Name:	00000004.00000002.690723702.0000000000705000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	705000
Size:	110592

Details

Name:	00000004.00000003.484800664.00000000006C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6C0000
Size:	16384

Details

Name:	00000004.00000002.694945371.00000000056CD000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	56CD000
Size:	12288

Details

Name:	0000000B.00000002.515241428.000000000AE9F000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	AE9F000
Size:	4096

Details

Name:	00000010.00000002.525249117.0000000003541000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3541000
Size:	24576

Details

Name:	0000000E.00000002.523373349.000000007EFD0000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	0000000C.00000002.518168699.000000007EFD0000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000004.00000003.548818594.00000000022C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22C0000
Size:	65536

Details

Name:	0000000E.00000002.522139777.00000000001A6000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1A6000
Size:	40960

Details

Name:	0000000A.00000002.512984693.0000000004854000.00000004.00000040.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4854000
Size:	4096

Details

Name:	00000004.00000003.486176858.0000000000780000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	780000
Size:	8192

Details

Name:	00000010.00000002.525106864.0000000000C80000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	C80000
Size:	24576

Details

Name:	00000003.00000002.477047905.00000000004E0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4E0000
Size:	4096

Details

Name:	00000004.00000002.696010445.000000007EF40000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	7EF40000
Size:	4096

Details

Name:	0000000E.00000003.509124419.0000000000570000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	570000
Size:	16384

Details

Name:	00000009.00000002.691376761.000007FFFFFB0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFB0000
Size:	4096

Details

Name:	0000000A.00000002.513437446.000000000A700000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	A700000
Size:	8192

Details

Name:	0000000B.00000003.503350186.00000000009D0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	9D0000
Size:	61440

Details

Name:	00000004.00000002.690154033.0000000000180000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	180000
Size:	4096

Details

Name:	00000010.00000003.511542782.00000000002A6000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A6000
Size:	8192

Details

Name:	00000004.00000003.485372332.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	16384

Details

Name:	00000011.00000002.528629803.000000007EFC2000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	0000000B.00000002.511917538.0000000000517000.00000004.00000020.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	517000
Size:	8192

Details

Name:	00000010.00000002.525518317.000000007EFE0000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000010.00000003.511837459.00000000002A0000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	36864

Details

Name:	00000010.00000002.525446023.000000000583E000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	583E000
Size:	8192

Details

Name:	00000010.00000002.524774561.00000000007C4000.00000004.00000020.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	7C4000
Size:	110592

Details

Name:	0000000E.00000002.523006671.00000000032D1000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	32D1000
Size:	24576

Details

Name:	00000004.00000002.691041233.00000000008A0000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	8A0000
Size:	53248

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000003.00000003.474455400.0000000000900000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	900000
Size:	28672

Details

Name:	0000000E.00000002.523209882.000000000484F000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	484F000
Size:	4096

Details

Name:	00000011.00000000.510884223.000000007EFB2000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000011.00000002.527612530.0000000000990000.00000004.00000040.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	990000
Size:	16384

Details

Name:	0000000A.00000003.505044779.0000000000400000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	400000
Size:	8192

Details

Name:	0000000C.00000002.515528614.0000000000BE0000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	00000004.00000002.691493356.00000000021B0000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	21B0000
Size:	40960

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000004.00000003.599276434.0000000003923000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3923000
Size:	40960

Details

Name:	0000000E.00000002.522173162.00000000001CD000.00000040.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	1CD000
Size:	4096

Details

Name:	0000000E.00000002.522585084.0000000000422000.00000040.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	422000
Size:	90112

Details

Name:	00000003.00000002.477475975.00000000020AE000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20AE000
Size:	8192

Details

Name:	0000000A.00000002.510266987.000000000227F000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	227F000
Size:	4096

Details

Name:	00000003.00000003.475085248.0000000000320000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	320000
Size:	45056

Details

Name:	00000004.00000003.504018159.0000000000790000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	790000
Size:	16384

Details

Name:	0000000B.00000002.514816233.0000000004E0E000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4E0E000
Size:	8192

Details

Name:	0000000C.00000003.506749160.00000000004B0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B0000
Size:	28672

Details

Name:	00000010.00000002.524307568.0000000000147000.00000040.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	147000
Size:	4096

Details

Name:	00000004.00000002.695882851.00000000068AC000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	68AC000
Size:	16384

Details

Name:	00000004.00000003.549254634.0000000006333000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6333000
Size:	40960

Details

Name:	0000000F.00000000.509090355.0000000000BE2000.00000020.00020000.sdmp
TargetID:	15
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	BE2000
Size:	602112

Details

Name:	00000003.00000002.476974811.000000000016D000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	16D000
Size:	4096

Details

Name:	00000011.00000003.514211402.00000000005D0000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5D0000
Size:	8192

Details

Name:	00000010.00000000.509827830.000000007EFB2000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000010.00000002.525115626.0000000000E00000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	E00000
Size:	12288

Details

Name:	00000004.00000003.477555569.0000000000470000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	470000
Size:	8192

Details

Name:	00000004.00000002.691076792.00000000008D0000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	8D0000
Size:	4096

Details

Name:	0000000B.00000000.490169814.000000007EFB2000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	0000000A.00000002.513567617.000000007EFB0000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	0000000B.00000002.512453766.0000000000B40000.00000004.00000040.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	B40000
Size:	4096

Details

Name:	00000004.00000003.535307966.000000000632C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	632C000
Size:	36864

Details

Name:	0000000C.00000002.514440300.0000000000020000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	0000000A.00000003.508862778.0000000000290000.00000040.00000040.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	290000
Size:	4096

Details

Name:	00000011.00000002.527285881.00000000005C0000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	5C0000
Size:	12288

Details

Name:	0000000A.00000002.509240093.0000000000330000.00000004.00000040.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	330000
Size:	16384

Details

Name:	0000000C.00000002.514459256.000000000012A000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	12A000
Size:	24576

Details

Name:	00000004.00000003.548765893.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	16384

Details

Name:	00000010.00000002.524231026.0000000000010000.00000004.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	00000004.00000002.690052652.000000000013A000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	13A000
Size:	24576

Details

Name:	00000004.00000002.694569017.00000000037E3000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	37E3000
Size:	40960

Details

Name:	00000004.00000002.695716519.00000000061AC000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	61AC000
Size:	16384

Details

Name:	0000000E.00000003.509413953.0000000000610000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	610000
Size:	40960

Details

Name:	00000010.00000000.509819195.000000007EFB0000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	0000000E.00000002.523354193.000000007EFB2000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000004.00000002.690991650.0000000000830000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	830000
Size:	12288

Details

Name:	00000010.00000003.510586929.0000000000240000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	240000
Size:	16384

Details

Name:	0000000A.00000002.509516030.0000000000760000.00000004.00000040.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	760000
Size:	24576

Details

Name:	00000010.00000002.524452432.0000000000280000.00000004.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	280000
Size:	8192

Details

Name:	00000010.00000002.525010988.0000000000B94000.00000004.00000040.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	B94000
Size:	4096

Details

Name:	0000000E.00000002.522715762.00000000005F0000.00000004.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	5F0000
Size:	8192

Details

Name:	0000000B.00000002.515306944.000000007EFD0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000010.00000003.511041159.00000000002A0000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	8192

Details

Name:	00000003.00000002.480419160.000000007EFC2000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000010.00000003.511485830.00000000002A0000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	16384

Details

Name:	00000004.00000003.477226784.0000000000460000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	460000
Size:	57344

Details

Name:	00000011.00000002.526837713.000000000027D000.00000040.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	27D000
Size:	4096

Details

Name:	0000000A.00000002.509509182.0000000000750000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	750000
Size:	12288

Details

Name:	00000004.00000003.487994327.0000000000780000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	780000
Size:	57344

Details

Name:	00000004.00000002.694749718.000000000496C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	496C000
Size:	16384

Details

Name:	0000000E.00000003.509640580.0000000000610000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	610000
Size:	65536

Details

Name:	0000000A.00000002.509076738.000000000009A000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	9A000
Size:	24576

Details

Name:	0000000C.00000002.515516359.0000000000B60000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	B60000
Size:	4096

Details

Name:	00000011.00000002.527481055.00000000008B5000.00000004.00000020.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	8B5000
Size:	245760

Details

Name:	00000011.00000003.512283978.0000000000355000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	355000
Size:	8192

Details

Name:	00000009.00000002.689993122.0000000000010000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	0000000A.00000002.510271362.0000000002281000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2281000
Size:	122880

Details

Name:	0000000F.00000002.509432902.0000000000060000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	4096

Details

Name:	00000011.00000002.526919320.0000000000297000.00000040.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	297000
Size:	4096

Details

Name:	00000004.00000003.599222489.00000000038E2000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	38E2000
Size:	8192

Details

Name:	00000004.00000003.477364448.0000000000450000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	450000
Size:	16384

Details

Name:	00000004.00000003.548875228.0000000006329000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6329000
Size:	12288

Details

Name:	00000004.00000002.694253131.0000000003521000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3521000
Size:	4096

Details

Name:	00000009.00000002.690065361.00000000001B0000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1B0000
Size:	4096

Details

Name:	00000004.00000002.690310177.0000000000267000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	267000
Size:	36864

Details

Name:	00000004.00000002.694771478.0000000004AAC000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4AAC000
Size:	16384

Details

Name:	00000004.00000003.524773697.0000000006331000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6331000
Size:	4096

Details

Name:	0000000A.00000002.510165511.0000000001F10000.00000004.00000040.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1F10000
Size:	4096

Details

Name:	0000000C.00000002.514656087.0000000000250000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	250000
Size:	65536

Details

Name:	00000004.00000002.690041671.00000000000F0000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	F0000
Size:	4096

Details

Name:	00000003.00000002.477689838.000000000245F000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	245F000
Size:	4096

Details

Name:	00000010.00000002.524253936.0000000000060000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	4096

Details

Name:	00000003.00000002.480454497.000000007EFDF000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	0000000C.00000003.507112210.0000000003CC3000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3CC3000
Size:	217088

Details

Name:	00000010.00000002.524476054.0000000000400000.00000040.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	400000
Size:	4096

Details

Name:	00000011.00000002.526802290.000000000016D000.00000040.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	16D000
Size:	4096

Details

Name:	00000004.00000003.485311167.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	65536

Details

Name:	00000009.00000000.486221672.000007FFFFFD0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFD0000
Size:	12288

Details

Name:	0000000E.00000002.523360757.000000007EFC0000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000004.00000002.694322559.00000000035D9000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	35D9000
Size:	40960

Details

Name:	0000000C.00000003.506806484.0000000000378000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	378000
Size:	4096

Details

Name:	00000004.00000003.483022068.00000000005B2000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5B2000
Size:	8192

Details

Name:	00000004.00000003.548421264.00000000022C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22C0000
Size:	65536

Details

Name:	00000004.00000002.691246135.0000000000B40000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	B40000
Size:	77824

Details

Name:	00000004.00000002.694930910.000000000568D000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	568D000
Size:	12288

Details

Name:	00000011.00000003.514312554.00000000003E0000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	16384

Details

Name:	00000004.00000003.477168987.0000000000450000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	450000
Size:	40960

Details

Name:	00000004.00000002.694272805.0000000003551000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3551000
Size:	73728

Details

Name:	0000000B.00000002.514907557.0000000004E8C000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4E8C000
Size:	8192

Details

Name:	0000000B.00000002.510775803.00000000001E8000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1E8000
Size:	32768

Details

Name:	0000000E.00000002.523340916.000000007EFA9000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFA9000
Size:	4096

Details

Name:	0000000B.00000002.511363139.00000000004C0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4C0000
Size:	4096

Details

Name:	0000000B.00000002.515295283.000000007EFC0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	0000000D.00000000.507518024.000000007EFD0000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000010.00000002.524260841.0000000000110000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	110000
Size:	8192

Details

Name:	00000003.00000002.476968072.0000000000163000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	163000
Size:	4096

Details

Name:	0000000A.00000000.488542166.000000007EFC2000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000004.00000003.525973588.0000000006331000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6331000
Size:	45056

Details

Name:	0000000E.00000003.509467488.0000000000616000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	616000
Size:	40960

Details

Name:	00000003.00000002.477014352.00000000003A0000.00000004.00000020.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	3A0000
Size:	20480

Details

Name:	00000011.00000002.528623182.000000007EFC0000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000003.00000003.472792654.00000000004E0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4E0000
Size:	20480

Details

Name:	0000000C.00000002.517718788.000000000498F000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	498F000
Size:	4096

Details

Name:	0000000E.00000003.509685491.0000000000610000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	610000
Size:	16384

Details

Name:	0000000E.00000002.522195778.00000000001E7000.00000040.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	1E7000
Size:	4096

Details

Name:	0000000A.00000003.505054128.00000000003F0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F0000
Size:	65536

Details

Name:	00000003.00000003.475060081.0000000000310000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	310000
Size:	32768

Details

Name:	0000000B.00000002.512479878.0000000000B80000.00000004.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	B80000
Size:	212992

Details

Name:	00000010.00000002.525428636.000000000520F000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	520F000
Size:	4096

Details

Name:	00000004.00000002.695661682.0000000005EAE000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5EAE000
Size:	8192

Details

Name:	00000004.00000003.540438038.0000000000203000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	203000
Size:	53248

Details

Name:	00000009.00000002.690058027.00000000000E0000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	E0000
Size:	4096

Details

Name:	00000004.00000003.599355621.0000000003982000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3982000
Size:	8192

Details

Name:	00000011.00000002.528022218.0000000000C76000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	C76000
Size:	4096

Details

Name:	00000004.00000003.535864620.000000000633C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	633C000
Size:	36864

Details

Name:	0000000A.00000003.492011946.0000000000900000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	900000
Size:	32768

Details

Name:	00000004.00000003.484484310.0000000000470000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	470000
Size:	20480

Details

Name:	00000003.00000002.480088799.000000000547E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	547E000
Size:	8192

Details

Name:	00000004.00000002.694738728.000000000491C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	491C000
Size:	16384

Details

Name:	0000000A.00000003.504993723.00000000003D0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3D0000
Size:	65536

Details

Name:	00000004.00000002.694727707.000000000489C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	489C000
Size:	16384

Details

Name:	0000000B.00000002.510926655.00000000002B2000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2B2000
Size:	4096

Details

Name:	00000004.00000003.548788979.00000000022B5000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B5000
Size:	4096

Details

Name:	0000000D.00000002.508045234.000000007EFD0000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000004.00000002.690368885.00000000003C0000.00000040.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	3C0000
Size:	4096

Details

Name:	00000004.00000003.485658823.0000000000488000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	488000
Size:	16384

Details

Name:	00000010.00000002.525122198.0000000000E10000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	E10000
Size:	77824

Details

Name:	00000004.00000003.548866554.0000000006325000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6325000
Size:	4096

Details

Name:	0000000C.00000002.514648200.00000000001C0000.00000040.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	1C0000
Size:	4096

Details

Name:	0000000E.00000002.522638578.0000000000560000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	560000
Size:	65536

Details

Name:	00000010.00000002.524638312.00000000005B0000.00000004.00000020.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5B0000
Size:	16384

Details

Name:	00000004.00000003.549100268.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	8192

Details

Name:	00000004.00000002.695701848.00000000060AC000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	60AC000
Size:	16384

Details

Name:	0000000A.00000002.509561165.0000000000770000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	770000
Size:	77824

Details

Name:	0000000F.00000002.509441138.0000000000BE0000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	00000003.00000002.479573213.0000000004A2F000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4A2F000
Size:	4096

Details

Name:	0000000A.00000002.513136566.0000000004DDF000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4DDF000
Size:	4096

Details

Name:	00000004.00000002.690880215.0000000000780000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	780000
Size:	53248

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000004.00000003.485253759.0000000000670000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	65536

Details

Name:	0000000E.00000000.508428553.000000007EFB0000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000009.00000000.486213508.000007FFFFFC0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFC0000
Size:	4096

Details

Name:	00000011.00000002.528563611.0000000004D80000.00000040.00000040.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	4D80000
Size:	4096

Details

Name:	00000004.00000003.487915672.0000000000782000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	782000
Size:	49152

Details

Name:	0000000B.00000003.501742667.00000000009D0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	9D0000
Size:	16384

Details

Name:	00000004.00000002.694647463.00000000038A3000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	38A3000
Size:	36864

Details

Name:	00000004.00000002.690185265.000000000018A000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	18A000
Size:	8192

Details

Name:	00000004.00000002.691516728.00000000021D0000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	21D0000
Size:	61440

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000003.00000002.477281921.0000000000880000.00000004.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	880000
Size:	28672

Details

Name:	00000003.00000002.477069325.00000000004F7000.00000004.00000020.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4F7000
Size:	8192

Details

Name:	0000000C.00000003.507543533.0000000000390000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	390000
Size:	45056

Details

Name:	0000000C.00000002.518077471.000000000AE5E000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	AE5E000
Size:	8192

Details

Name:	0000000E.00000002.522401256.0000000000357000.00000004.00000020.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	357000
Size:	184320

Details

Name:	0000000C.00000003.506277543.00000000004B0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B0000
Size:	16384

Details

Name:	00000004.00000003.548479434.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	16384

Details

Name:	00000004.00000002.690030501.0000000000060000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	4096

Details

Name:	00000004.00000003.484452952.0000000000470000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	470000
Size:	12288

Details

Name:	0000000B.00000000.490180367.000000007EFC2000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	0000000E.00000002.523283981.000000000502E000.00000104.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	502E000
Size:	4096

Details

Name:	00000003.00000002.477010231.0000000000300000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	300000
Size:	8192

Details

Name:	00000004.00000003.490165561.0000000000780000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	780000
Size:	65536

Details

Name:	00000004.00000002.695952197.00000000075DD000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	75DD000
Size:	12288

Details

Name:	00000004.00000003.485378597.0000000000486000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	486000
Size:	8192

Details

Name:	00000011.00000002.526796136.0000000000164000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	164000
Size:	4096

Details

Name:	00000004.00000002.696061629.000000007EFE0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	0000000A.00000002.513391054.00000000051EE000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	51EE000
Size:	8192

Details

Name:	00000010.00000002.524344106.000000000015B000.00000040.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	15B000
Size:	4096

Details

Name:	0000000A.00000002.513015878.0000000004C00000.00000040.00000040.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	4C00000
Size:	4096

Details

Name:	00000004.00000002.695836390.0000000006375000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6375000
Size:	155648

Details

Name:	0000000A.00000002.513537547.000000000B23F000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	B23F000
Size:	4096

Details

Name:	0000000E.00000002.522475251.00000000003F0000.00000040.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	3F0000
Size:	24576

Details

Name:	00000004.00000002.690912627.0000000000790000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	790000
Size:	86016

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	0000000E.00000002.522168033.00000000001C4000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1C4000
Size:	4096

Details

Name:	00000011.00000002.527251494.0000000000422000.00000040.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	422000
Size:	90112

Details

Name:	00000011.00000002.526959736.0000000000310000.00000040.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	310000
Size:	24576

Details

Name:	00000011.00000003.514255895.00000000003E0000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	16384

Details

Name:	00000004.00000002.694433644.00000000036AA000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	36AA000
Size:	36864

Details

Name:	00000004.00000003.548842186.00000000022BC000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22BC000
Size:	16384

Details

Name:	00000003.00000002.477018878.0000000000430000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	430000
Size:	65536

Details

Name:	00000003.00000002.480253317.000000000AF1E000.00000104.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	AF1E000
Size:	4096

Details

Name:	00000004.00000003.548457484.00000000022BC000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22BC000
Size:	16384

Details

Name:	0000000E.00000002.523277776.0000000004C4E000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4C4E000
Size:	8192

Details

Name:	0000000E.00000002.522133282.0000000000060000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	4096

Details

Name:	0000000B.00000003.504650967.00000000003C0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3C0000
Size:	4096

Details

Name:	00000011.00000002.528570315.0000000004E6E000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4E6E000
Size:	8192

Details

Name:	00000004.00000002.691535543.0000000002220000.00000040.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	2220000
Size:	4096

Details

Name:	00000004.00000002.694314644.00000000035C9000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	35C9000
Size:	4096

Details

Name:	00000004.00000002.696017984.000000007EFB0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	0000000E.00000002.523379407.000000007EFDF000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	0000000C.00000002.514514046.0000000000182000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	182000
Size:	4096

Details

Name:	00000004.00000002.690965434.0000000000810000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	810000
Size:	65536

Details

Name:	0000000C.00000003.511907326.0000000004EF1000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4EF1000
Size:	380928

Details

Name:	0000000A.00000002.510261424.000000000227E000.00000104.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	227E000
Size:	4096

Details

Name:	0000000A.00000002.513315785.0000000004EF0000.00000004.00000040.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4EF0000
Size:	12288

Details

Name:	0000000E.00000002.522725684.0000000000630000.00000004.00000040.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	630000
Size:	16384

Details

Name:	00000011.00000003.512252271.0000000000350000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	350000
Size:	28672

Details

Name:	0000000E.00000002.522800196.0000000000910000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	910000
Size:	4096

Details

Name:	00000011.00000003.513920273.00000000003E0000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	40960

Details

Name:	0000000C.00000002.514718486.0000000000420000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	420000
Size:	4096

Details

Name:	00000010.00000003.511077814.00000000002C0000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2C0000
Size:	8192

Details

Name:	00000003.00000002.477701512.0000000002461000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2461000
Size:	122880

Details

Name:	00000004.00000002.690940414.00000000007B8000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	7B8000
Size:	12288

Details

Name:	00000010.00000002.524390022.0000000000230000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	230000
Size:	65536

Details

Name:	0000000C.00000000.504164374.000000007EFD0000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000010.00000002.524274023.0000000000124000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	124000
Size:	4096

Details

Name:	00000011.00000002.528649992.000000007EFE0000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	0000000F.00000000.509272129.000000007EFB2000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	0000000E.00000003.509721737.0000000000610000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	610000
Size:	16384

Details

Name:	00000003.00000002.477519950.0000000002172000.00000004.00000040.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2172000
Size:	8192

Details

Name:	00000010.00000000.509635678.0000000000BE2000.00000020.00020000.sdmp
TargetID:	16
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	BE2000
Size:	602112

Details

Name:	00000010.00000002.525028573.0000000000BE0000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	00000004.00000003.548294773.0000000006325000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6325000
Size:	4096

Details

Name:	0000000E.00000002.522625488.0000000000550000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	550000
Size:	20480

Details

Name:	00000004.00000002.690088994.0000000000163000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	163000
Size:	4096

Details

Name:	0000000C.00000000.504159316.000000007EFC2000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000004.00000003.485990212.0000000000780000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	780000
Size:	8192

Details

Name:	00000004.00000003.484710403.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	40960

Details

Name:	00000004.00000003.548494495.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	49152

Details

Name:	00000011.00000003.514233822.00000000003E0000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	65536

Details

Name:	0000000A.00000002.513573940.000000007EFB2000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	0000000B.00000003.501709162.00000000009D7000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	9D7000
Size:	36864

Details

Name:	0000000B.00000002.512531353.0000000000BE2000.00000020.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	BE2000
Size:	602112

Details

Name:	00000004.00000003.535885583.000000000632C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	632C000
Size:	36864

Details

Name:	0000000A.00000002.509093083.0000000000227000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	227000
Size:	36864

Details

Name:	00000003.00000002.476998466.00000000002C7000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2C7000
Size:	36864

Details

Name:	00000011.00000002.527579999.000000000095C000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	95C000
Size:	16384

Details

Name:	00000004.00000002.690768003.0000000000730000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	730000
Size:	20480

Details

Name:	00000004.00000002.696025396.000000007EFB2000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000004.00000002.690549932.000000000055C000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	55C000
Size:	438272

Details

Name:	00000011.00000003.514334219.00000000003E8000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E8000
Size:	16384

Details

Name:	0000000A.00000003.504754201.00000000003C0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3C0000
Size:	4096

Details

Name:	00000009.00000002.691144239.000000000211B000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	211B000
Size:	12288

Details

Name:	00000004.00000003.548930793.00000000022B6000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B6000
Size:	8192

Details

Name:	00000004.00000003.532856213.000000000633C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	633C000
Size:	36864

Details

Name:	00000004.00000003.487953265.00000000007A0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7A0000
Size:	16384

Details

Name:	00000004.00000002.694847810.000000000530E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	530E000
Size:	8192

Details

Name:	0000000B.00000003.502287279.0000000000A20000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	A20000
Size:	28672

Details

Name:	0000000E.00000002.522931635.0000000001FCE000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1FCE000
Size:	8192

Details

Name:	00000010.00000003.510569764.0000000000240000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	240000
Size:	28672

Details

Name:	00000004.00000002.694604891.0000000003843000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3843000
Size:	4096

Details

Name:	0000000C.00000002.514453785.0000000000060000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	4096

Details

Name:	0000000E.00000002.523266154.0000000004B20000.00000004.00000040.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4B20000
Size:	8192

Details

Name:	0000000E.00000003.509758194.0000000000618000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	618000
Size:	16384

Details

Name:	00000004.00000002.695625064.0000000005E1D000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5E1D000
Size:	12288

Details

Name:	00000004.00000002.694825383.00000000050BE000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	50BE000
Size:	8192

Details

Name:	0000000B.00000002.510790971.0000000000260000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	260000
Size:	8192

Details

Name:	00000004.00000002.694688883.0000000004435000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4435000
Size:	4096

Details

Name:	0000000C.00000002.514507691.000000000017D000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	17D000
Size:	4096

Details

Name:	00000004.00000002.691096493.00000000008F2000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	8F2000
Size:	16384

Details

Name:	00000003.00000002.477510650.0000000002154000.00000004.00000040.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2154000
Size:	4096

Details

Name:	00000003.00000000.471635038.0000000000910000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	910000
Size:	4096

Details

Name:	0000000A.00000002.510205492.000000000202C000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	202C000
Size:	16384

Details

Name:	00000004.00000000.476184836.000000007EFC0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	0000000F.00000000.509286467.000000007EFC2000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	0000000B.00000002.514742603.000000000484E000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	484E000
Size:	8192

Details

Name:	00000003.00000002.477007166.00000000002DB000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2DB000
Size:	4096

Details

Name:	00000004.00000002.690077177.0000000000150000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	150000
Size:	8192

Details

Name:	0000000C.00000002.518126514.000000007EFB2000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	0000000A.00000002.509271626.0000000000460000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	460000
Size:	8192

Details

Name:	00000010.00000002.524583222.00000000004AF000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4AF000
Size:	4096

Details

Name:	0000000C.00000002.514677929.0000000000260000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	260000
Size:	65536

Details

Name:	00000004.00000002.690347176.00000000002A0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	2A0000
Size:	8192

Details

Name:	0000000A.00000002.509228948.0000000000320000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	320000
Size:	65536

Details

Name:	00000004.00000002.693961530.000000000297E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	297E000
Size:	835584

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000004.00000002.690065354.0000000000140000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	140000
Size:	4096

Details

Name:	0000000B.00000003.504783422.00000000003D0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3D0000
Size:	28672

Details

Name:	00000004.00000003.548743629.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	45056

Details

Name:	00000004.00000002.690300768.0000000000260000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	260000
Size:	24576

Details

Name:	00000004.00000002.690956919.000000000080E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	80E000
Size:	8192

Details

Name:	00000003.00000002.480360493.000000007EFB0000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000011.00000000.510915598.000000007EFD0000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000004.00000002.695025168.0000000005880000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	5880000
Size:	4112384

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	0000000C.00000002.514791095.0000000000440000.00000004.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	440000
Size:	28672

Details

Name:	00000011.00000002.528603695.000000007EF40000.00000040.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	7EF40000
Size:	4096

Details

Name:	00000003.00000003.474560249.00000000008F0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	8F0000
Size:	28672

Details

Name:	00000003.00000002.480122523.000000000559E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	559E000
Size:	8192

Details

Name:	0000000C.00000002.517779278.0000000004E00000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4E00000
Size:	8192

Details

Name:	0000000B.00000002.512337312.00000000007A0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7A0000
Size:	77824

Details

Name:	0000000B.00000002.511285392.00000000004AE000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4AE000
Size:	4096

Details

Name:	00000004.00000002.690641974.00000000005D8000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5D8000
Size:	8192

Details

Name:	00000004.00000002.690846222.0000000000738000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	738000
Size:	12288

Details

Name:	00000011.00000002.526935780.000000000029B000.00000040.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	29B000
Size:	4096

Details

Name:	0000000B.00000002.510932780.00000000002B7000.00000040.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2B7000
Size:	4096

Details

Name:	00000004.00000002.694915054.000000000556F000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	556F000
Size:	4096

Details

Name:	00000004.00000002.690289471.0000000000250000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	250000
Size:	65536

Details

Name:	0000000C.00000002.515114235.0000000000750000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	750000
Size:	16384

Details

Name:	0000000C.00000002.517649850.000000000453D000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	453D000
Size:	12288

Details

Name:	00000003.00000002.477472159.0000000002000000.00000004.00000040.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2000000
Size:	4096

Details

Name:	00000010.00000002.524337944.0000000000157000.00000040.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	157000
Size:	4096

Details

Name:	00000004.00000003.548521392.00000000022B8000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B8000
Size:	16384

Details

Name:	0000000D.00000002.508022840.000000007EFB2000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	0000000C.00000002.516673560.0000000003201000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3201000
Size:	28672

Details

Name:	00000003.00000002.477091258.000000000053C000.00000004.00000020.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	53C000
Size:	450560

Details

Name:	0000000B.00000002.510719002.0000000000010000.00000004.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	0000000C.00000002.515504954.0000000000B1E000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	B1E000
Size:	8192

Details

Name:	0000000B.00000002.510815844.0000000000280000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	280000
Size:	53248

Details

Name:	0000000E.00000002.522895449.00000000009A6000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	9A6000
Size:	4096

Details

Name:	00000004.00000003.536654259.000000000633B000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	633B000
Size:	36864

Details

Name:	00000003.00000003.475093373.0000000000310000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	310000
Size:	65536

Details

Name:	00000003.00000002.480051949.000000000513D000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	513D000
Size:	8192

Details

Name:	00000003.00000003.474615945.00000000036E8000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	36E8000
Size:	245760

Details

Name:	00000009.00000002.690120669.00000000002B6000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2B6000
Size:	8192

Details

Name:	00000010.00000002.525178862.0000000002500000.00000040.00000040.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	2500000
Size:	4096

Details

Name:	0000000E.00000002.523297858.000000000502F000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	502F000
Size:	4096

Details

Name:	00000004.00000003.548277496.000000000632C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	632C000
Size:	36864

Details

Name:	00000011.00000002.528540325.00000000049B0000.00000004.00000040.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	49B0000
Size:	4096

Details

Name:	00000004.00000003.504966734.00000000007C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7C0000
Size:	36864

Details

Name:	0000000C.00000002.515720742.0000000000C76000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	C76000
Size:	4096

Details

Name:	00000011.00000002.527437985.000000000086D000.00000004.00000020.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	86D000
Size:	200704

Details

Name:	00000003.00000002.480373522.000000007EFB2000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	0000000A.00000002.509186018.000000000028A000.00000040.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	28A000
Size:	4096

Details

Name:	00000004.00000002.690006683.0000000000020000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	00000004.00000003.484611611.0000000000470000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	470000
Size:	40960

Details

Name:	0000000A.00000003.508678845.0000000004DE1000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4DE1000
Size:	380928

Details

Name:	00000011.00000002.527153143.0000000000380000.00000004.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	380000
Size:	8192

Details

Name:	0000000C.00000002.517951154.000000000518D000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	518D000
Size:	8192

Details

Name:	0000000D.00000002.507875167.0000000000BE2000.00000020.00020000.sdmp
TargetID:	13
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	BE2000
Size:	602112

Details

Name:	0000000C.00000002.514433091.0000000000010000.00000004.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	00000004.00000003.484652014.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	28672

Details

Name:	00000004.00000002.690948278.00000000007C0000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	7C0000
Size:	24576

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	0000000A.00000000.488530887.000000007EFB0000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000010.00000003.510635805.0000000000240000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	240000
Size:	20480

Details

Name:	00000003.00000002.480467909.000000007EFE0000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	0000000B.00000002.510995102.0000000000330000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	330000
Size:	65536

Details

Name:	00000004.00000002.691270418.0000000000CD0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	CD0000
Size:	339968

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	0000000A.00000002.509199368.0000000000310000.00000040.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	310000
Size:	65536

Details

Name:	0000000C.00000002.514753636.000000000042B000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	42B000
Size:	20480

Details

Name:	0000000D.00000000.507489644.0000000000C76000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	C76000
Size:	4096

Details

Name:	00000004.00000003.477347873.0000000000450000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	450000
Size:	65536

Details

Name:	0000000C.00000003.507599090.0000000000380000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	380000
Size:	65536

Details

Name:	0000000E.00000003.509581659.0000000000670000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	8192

Details

Name:	00000004.00000002.690112792.000000000016D000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	16D000
Size:	4096

Details

Name:	00000003.00000003.476570597.0000000000170000.00000040.00000040.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	170000
Size:	4096

Details

Name:	0000000F.00000000.509278060.000000007EFC0000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	0000000C.00000000.504149526.000000007EFB2000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	0000000E.00000003.521891488.0000000000680000.00000040.00000040.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	680000
Size:	4096

Details

Name:	0000000A.00000002.509290918.0000000000474000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	474000
Size:	24576

Details

Name:	00000009.00000002.690094816.000000000027C000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	27C000
Size:	16384

Details

Name:	00000004.00000003.484759236.0000000000670000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	28672

Details

Name:	00000004.00000002.691087531.00000000008D4000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	8D4000
Size:	4096

Details

Name:	00000003.00000003.474980265.0000000000300000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	300000
Size:	4096

Details

Name:	0000000B.00000003.505030530.00000000003F0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F0000
Size:	65536

Details

Name:	00000011.00000002.527758073.0000000000AF0000.00000004.00000040.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	AF0000
Size:	12288

Details

Name:	00000004.00000003.524751892.0000000006322000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6322000
Size:	40960

Details

Name:	00000011.00000002.526809301.0000000000266000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	266000
Size:	40960

Details

Name:	00000004.00000003.485678852.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	36864

Details

Name:	00000004.00000003.599211149.00000000038C2000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	38C2000
Size:	45056

Details

Name:	0000000E.00000002.523332442.000000007EF40000.00000040.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	7EF40000
Size:	4096

Details

Name:	00000010.00000002.524405156.0000000000240000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	240000
Size:	8192

Details

Name:	0000000C.00000002.514972196.00000000004C0000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4C0000
Size:	16384

Details

Name:	00000010.00000002.524986275.0000000000A50000.00000004.00000040.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	A50000
Size:	16384

Details

Name:	00000004.00000003.548324092.0000000006329000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6329000
Size:	12288

Details

Name:	0000000C.00000002.515743569.00000000021FF000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	21FF000
Size:	4096

Details

Name:	0000000A.00000003.503887142.0000000000900000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	900000
Size:	28672

Details

Name:	00000010.00000002.524622486.00000000004F5000.00000004.00000040.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4F5000
Size:	36864

Details

Name:	00000011.00000002.528087851.000000000212E000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	212E000
Size:	8192

Details

Name:	0000000B.00000002.515151223.000000000520E000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	520E000
Size:	8192

Details

Name:	00000004.00000003.504925370.00000000007C8000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7C8000
Size:	16384

Details

Name:	0000000C.00000003.507572075.00000000003B0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3B0000
Size:	8192

Details

Name:	0000000B.00000002.515225469.000000000AD8F000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	AD8F000
Size:	4096

Details

Name:	0000000E.00000002.522750990.00000000006C0000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	6C0000
Size:	24576

Details

Name:	0000000E.00000003.509129680.0000000000575000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	575000
Size:	8192

Details

Name:	0000000F.00000002.509593390.000000007EFD0000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000009.00000000.486203494.000007FFFFFB0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFB0000
Size:	4096

Details

Name:	0000000B.00000003.505014722.0000000000400000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	400000
Size:	8192

Details

Name:	00000004.00000003.548831287.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	45056

Details

Name:	00000004.00000003.476853707.0000000000280000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	280000
Size:	28672

Details

Name:	0000000A.00000003.504423206.0000000003D43000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3D43000
Size:	217088

Details

Name:	0000000E.00000002.522302334.0000000000250000.00000004.00000020.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	250000
Size:	16384

Details

Name:	0000000B.00000002.510946974.00000000002E0000.00000040.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2E0000
Size:	65536

Details

Name:	0000000E.00000002.522741451.0000000000655000.00000004.00000040.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	655000
Size:	36864

Details

Name:	00000010.00000003.510939961.00000000002A0000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	20480

Details

Name:	0000000C.00000002.514534946.0000000000187000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	187000
Size:	4096

Details

Name:	0000000C.00000003.507495671.0000000000380000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	380000
Size:	28672

Details

Name:	00000011.00000002.526699896.0000000000020000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	00000004.00000003.526009355.0000000006323000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6323000
Size:	36864

Details

Name:	0000000A.00000000.488330649.0000000000912000.00000020.00020000.sdmp
TargetID:	10
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	912000
Size:	602112

Details

Name:	0000000C.00000002.517233873.0000000004280000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	4280000
Size:	913408

Details

Name:	00000004.00000003.484526487.0000000000460000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	460000
Size:	65536

Details

Name:	00000004.00000002.695818324.0000000006350000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6350000
Size:	24576

Details

Name:	00000004.00000003.484428538.0000000000460000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	460000
Size:	16384

Details

Name:	00000004.00000003.548809212.00000000022D0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22D0000
Size:	8192

Details

Name:	00000011.00000003.513965367.00000000003E0000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	20480

Details

Name:	00000004.00000002.690741509.0000000000720000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	720000
Size:	65536

Details

Name:	0000000E.00000002.522314643.00000000002F0000.00000004.00000020.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	2F0000
Size:	16384

Details

Name:	0000000E.00000000.508417476.00000000009A6000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	9A6000
Size:	4096

Details

Name:	0000000A.00000002.512881150.0000000004280000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4280000
Size:	4096

Details

Name:	00000004.00000002.694461812.00000000036EA000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	36EA000
Size:	49152

Details

Name:	0000000B.00000003.510215701.0000000004E31000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4E31000
Size:	380928

Details

Name:	00000004.00000001.476280643.0000000000910000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	910000
Size:	4096

Details

Name:	0000000F.00000002.509570544.000000007EFB2000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	0000000A.00000002.509410593.00000000004F4000.00000004.00000020.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4F4000
Size:	110592

Details

Name:	00000003.00000000.471783468.00000000009A6000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	9A6000
Size:	4096

Details

Name:	0000000C.00000003.506775728.00000000004B0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B0000
Size:	28672

Details

Name:	0000000B.00000002.514784823.0000000004C9C000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4C9C000
Size:	16384

Details

Name:	00000004.00000003.549115931.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	16384

Details

Name:	0000000E.00000003.509451671.0000000000620000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	620000
Size:	57344

Details

Name:	0000000B.00000000.488705143.0000000000BE0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	00000004.00000002.690870254.0000000000740000.00000040.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	740000
Size:	4096

Details

Name:	0000000E.00000002.523305609.000000000518E000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	518E000
Size:	8192

Details

Name:	00000003.00000002.480277142.000000000B1BF000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	B1BF000
Size:	4096

Details

Name:	00000011.00000002.528548682.00000000049B4000.00000004.00000040.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	49B4000
Size:	4096

Details

Name:	00000003.00000003.474688869.0000000003F23000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F23000
Size:	217088

Details

Name:	00000004.00000003.477241866.0000000000456000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	456000
Size:	40960

Details

Name:	00000003.00000002.476951510.0000000000050000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	0000000B.00000002.514414620.0000000004670000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	4670000
Size:	913408

Details

Name:	0000000B.00000002.515158579.000000000525E000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	525E000
Size:	8192

Details

Name:	00000010.00000002.525170770.00000000024C0000.00000004.00000040.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	24C0000
Size:	8192

Details

Name:	00000011.00000002.526747448.0000000000150000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	150000
Size:	8192

Details

Name:	0000000D.00000000.507497594.000000007EFB0000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000010.00000002.525512964.000000007EFDF000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	00000004.00000003.549266255.0000000006342000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6342000
Size:	8192

Details

Name:	00000003.00000002.479891075.0000000005110000.00000004.00000040.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	5110000
Size:	8192

Details

Name:	00000003.00000002.477671910.000000000245E000.00000104.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	245E000
Size:	4096

Details

Name:	00000003.00000002.476984401.00000000001BD000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	1BD000
Size:	4096

Details

Name:	00000004.00000002.694974477.000000000574D000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	574D000
Size:	12288

Details

Name:	00000004.00000000.476154806.000000007EFB0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000011.00000002.526729444.0000000000090000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	90000
Size:	16384

Details

Name:	0000000B.00000002.512744867.00000000021BF000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	21BF000
Size:	4096

Details

Name:	0000000A.00000003.504189519.0000000003508000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3508000
Size:	245760

Details

Name:	00000010.00000002.525098610.0000000000C76000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	C76000
Size:	4096

Details

Name:	0000000A.00000002.509524997.0000000000769000.00000004.00000040.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	769000
Size:	24576

Details

Name:	00000011.00000002.526824481.0000000000270000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	270000
Size:	53248

Details

Name:	0000000B.00000000.490143470.000000007EFB0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	0000000B.00000001.491275920.0000000000BE0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	00000004.00000002.694579504.0000000003803000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3803000
Size:	40960

Details

Name:	00000004.00000003.485425674.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	49152

Details

Name:	00000004.00000002.691566014.00000000022F0000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	22F0000
Size:	8192

Details

Name:	00000004.00000002.690403509.0000000000422000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	422000
Size:	90112

Details

Name:	0000000B.00000003.505102212.00000000003D0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3D0000
Size:	65536

Details

Name:	00000003.00000002.476991607.00000000001C7000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	1C7000
Size:	4096

Details

Name:	00000003.00000002.480341080.000000007EF40000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	7EF40000
Size:	4096

Details

Name:	00000004.00000002.690715394.00000000006E7000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	6E7000
Size:	4096

Details

Name:	0000000A.00000002.509322197.0000000000490000.00000004.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	490000
Size:	28672

Details

Name:	00000003.00000002.479751003.0000000004F90000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4F90000
Size:	385024

Details

Name:	00000011.00000002.526953222.00000000002D0000.00000040.00000040.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	2D0000
Size:	4096

Details

Name:	00000004.00000003.486159965.0000000000780000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	780000
Size:	12288

Details

Name:	0000000C.00000000.504135503.000000007EFB0000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	0000000B.00000002.514801174.0000000004CD0000.00000040.00000040.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	4CD0000
Size:	4096

Details

Name:	00000011.00000002.527185147.0000000000400000.00000040.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	400000
Size:	4096

Details

Name:	0000000A.00000002.509257326.00000000003C0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3C0000
Size:	8192

Details

Name:	00000004.00000003.504878042.00000000007C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7C0000
Size:	28672

Details

Name:	00000003.00000002.480162525.000000000A831000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	A831000
Size:	4096

Details

Name:	00000009.00000002.690047163.00000000000D0000.00000004.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	D0000
Size:	8192

Details

Name:	00000004.00000003.502619343.0000000006301000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6301000
Size:	323584

Details

Name:	0000000B.00000002.515255445.000000000B10F000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	B10F000
Size:	4096

Details

Name:	00000004.00000003.540772277.0000000006329000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6329000
Size:	12288

Details

Name:	00000004.00000003.484462603.0000000000475000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	475000
Size:	4096

Details

Name:	00000004.00000002.691237075.0000000000B30000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	B30000
Size:	12288

Details

Name:	0000000E.00000002.522693264.0000000000590000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	590000
Size:	28672

Details

Name:	00000009.00000002.690257595.00000000006E0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	6E0000
Size:	77824

Details

Name:	00000011.00000002.528327457.000000000435E000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	435E000
Size:	8192

Details

Name:	00000004.00000003.548902760.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	16384

Details

Name:	0000000B.00000002.511638667.00000000004F0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4F0000
Size:	32768

Details

Name:	00000003.00000002.476977987.00000000001B0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1B0000
Size:	53248

Details

Name:	00000003.00000003.473945392.0000000000900000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	900000
Size:	65536

Details

Name:	0000000D.00000000.507502574.000000007EFB2000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	0000000B.00000002.514754791.000000000494F000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	494F000
Size:	4096

Details

Name:	00000004.00000002.693695717.0000000002924000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2924000
Size:	135168

Details

Name:	00000003.00000002.477051424.00000000004E2000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4E2000
Size:	4096

Details

Name:	0000000B.00000002.515274016.000000007EF40000.00000040.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	7EF40000
Size:	4096

Details

Name:	00000011.00000000.510895802.000000007EFC2000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	0000000C.00000003.506260910.00000000004B0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B0000
Size:	24576

Details

Name:	0000000A.00000000.488545770.000000007EFD0000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	0000000B.00000002.511078545.0000000000340000.00000004.00000020.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	340000
Size:	69632

Details

Name:	00000003.00000002.480287057.000000000B34E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	B34E000
Size:	8192

Details

Name:	0000000E.00000002.523218057.000000000489E000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	489E000
Size:	8192

Details

Name:	00000003.00000002.477463488.0000000001F7E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1F7E000
Size:	8192

Details

Name:	00000004.00000002.690247408.00000000001F8000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	1F8000
Size:	94208

Details

Name:	00000004.00000003.485824271.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	16384

Details

Name:	0000000A.00000003.498487362.0000000000900000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	900000
Size:	65536

Details

Name:	0000000C.00000002.515542250.0000000000BE2000.00000020.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	BE2000
Size:	602112

Details

Name:	00000004.00000003.539820323.00000000001F5000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1F5000
Size:	45056

Details

Name:	00000004.00000002.695827053.0000000006357000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6357000
Size:	12288

Details

Name:	00000004.00000003.548939831.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	49152

Details

Name:	00000004.00000002.694715036.000000000457E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	457E000
Size:	8192

Details

Name:	00000004.00000002.695975183.000000000787E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	787E000
Size:	8192

Details

Name:	00000004.00000003.485830451.0000000000485000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	485000
Size:	8192

Details

Name:	0000000A.00000002.513603638.000000007EFE0000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000004.00000003.548781868.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	12288

Details

Name:	00000003.00000002.479391239.000000000458D000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	458D000
Size:	12288

Details

Name:	0000000C.00000002.517911264.0000000004F4C000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4F4C000
Size:	8192

Details

Name:	0000000C.00000003.506132665.0000000000510000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	510000
Size:	32768

Details

Name:	0000000E.00000002.522941410.0000000001FF0000.00000040.00000040.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	1FF0000
Size:	4096

Details

Name:	0000000C.00000002.514446598.0000000000050000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	0000000B.00000002.512326421.0000000000790000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	790000
Size:	12288

Details

Name:	00000003.00000002.476971360.0000000000164000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	164000
Size:	4096

Details

Name:	00000010.00000002.524349598.00000000001AA000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1AA000
Size:	24576

Details

Name:	00000004.00000002.690176109.0000000000186000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	186000
Size:	8192

Details

Name:	00000011.00000002.526977364.0000000000320000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	320000
Size:	20480

Details

Name:	0000000E.00000000.508456573.000000007EFD0000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000011.00000002.528591613.00000000051DF000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	51DF000
Size:	4096

Details

Name:	00000004.00000003.477237435.0000000000450000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	450000
Size:	20480

Details

Name:	00000003.00000002.477258644.00000000006D0000.00000004.00000040.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	6D0000
Size:	16384

Details

Name:	00000004.00000002.695753230.00000000061C0000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	61C0000
Size:	12288

Details

Name:	00000010.00000002.524331212.000000000014A000.00000040.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	14A000
Size:	4096

Details

Name:	0000000E.00000002.522190215.00000000001DD000.00000040.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	1DD000
Size:	4096

Details

Name:	0000000D.00000001.507765125.0000000000BE0000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	0000000E.00000003.509527699.0000000000610000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	610000
Size:	8192

Details

Name:	00000011.00000002.528610659.000000007EFB0000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	0000000A.00000002.513466693.000000000ABFE000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	ABFE000
Size:	8192

Details

Name:	00000004.00000002.691505875.00000000021C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	21C0000
Size:	49152

Details

Name:	00000009.00000002.690234829.0000000000550000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	550000
Size:	24576

Details

Name:	0000000A.00000002.509122017.0000000000250000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	250000
Size:	8192

Details

Name:	0000000D.00000002.507868153.0000000000BE0000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	00000003.00000002.480266766.000000000AF1F000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	AF1F000
Size:	4096

Details

Name:	00000004.00000003.599410471.00000000039A3000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39A3000
Size:	40960

Details

Name:	00000011.00000002.527340886.0000000000820000.00000004.00000020.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	820000
Size:	16384

Details

Name:	0000000C.00000003.507024665.0000000003488000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3488000
Size:	245760

Details

Name:	00000004.00000003.505436754.0000000004430000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4430000
Size:	65536

Details

Name:	00000009.00000002.691163059.000000000230D000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	230D000
Size:	12288

Details

Name:	00000011.00000002.526864722.0000000000287000.00000040.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	287000
Size:	4096

Details

Name:	00000004.00000003.527713147.000000000632C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	632C000
Size:	36864

Details

Name:	00000003.00000002.477424121.00000000009A6000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	9A6000
Size:	4096

Details

Name:	00000011.00000002.528556465.00000000049D2000.00000004.00000040.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	49D2000
Size:	12288

Details

Name:	00000004.00000003.599438915.00000000039C3000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	39C3000
Size:	40960

Details

Name:	0000000A.00000002.509277349.0000000000470000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	470000
Size:	4096

Details

Name:	00000011.00000003.512336371.0000000000350000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	350000
Size:	20480

Details

Name:	00000004.00000002.694224427.00000000034E1000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	34E1000
Size:	4096

Details

Name:	0000000C.00000002.515734725.00000000021FE000.00000104.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	21FE000
Size:	4096

Details

Name:	0000000A.00000002.510218834.00000000020E0000.00000040.00000040.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	20E0000
Size:	4096

Details

Name:	0000000B.00000002.512431121.0000000000B30000.00000004.00000040.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	B30000
Size:	12288

Details

Name:	00000004.00000002.694415051.000000000368A000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	368A000
Size:	4096

Details

Name:	00000004.00000002.690511294.000000000051C000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	51C000
Size:	258048

Details

Name:	00000004.00000003.477392338.0000000000450000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	450000
Size:	16384

Details

Name:	0000000C.00000001.504202233.0000000000BE0000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	0000000A.00000002.509182100.0000000000287000.00000040.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	287000
Size:	4096

Details

Name:	00000004.00000002.695671812.0000000005F0E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5F0E000
Size:	8192

Details

Name:	0000000B.00000003.505072646.00000000003E0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	65536

Details

Name:	00000003.00000002.477027184.000000000047E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	47E000
Size:	8192

Details

Name:	00000004.00000003.485844261.0000000000486000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	486000
Size:	8192

Details

Name:	00000004.00000002.694860364.00000000053AE000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	53AE000
Size:	8192

Details

Name:	00000011.00000002.526902652.000000000028A000.00000040.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	28A000
Size:	4096

Details

Name:	00000011.00000002.528636172.000000007EFD0000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000004.00000003.527746194.0000000006328000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6328000
Size:	16384

Details

Name:	0000000E.00000003.509594829.0000000000620000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	620000
Size:	65536

Details

Name:	00000011.00000001.511125789.0000000000BE0000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	0000000E.00000003.509316744.0000000000610000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	610000
Size:	4096

Details

Name:	00000004.00000003.484854686.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	8192

Details

Name:	00000009.00000002.691409698.000007FFFFFC0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFC0000
Size:	4096

Details

Name:	00000010.00000002.524415464.0000000000250000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	250000
Size:	28672

Details

Name:	0000000C.00000003.512107648.0000000000802000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	802000
Size:	28672

Details

Name:	00000003.00000003.476362979.0000000002290000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2290000
Size:	434176

Details

Name:	00000004.00000002.694448336.00000000036CA000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	36CA000
Size:	36864

Details

Name:	00000004.00000002.691115753.0000000000912000.00000020.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	912000
Size:	602112

Details

Name:	0000000A.00000003.499264923.00000000004C7000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4C7000
Size:	36864

Details

Name:	0000000C.00000003.512257532.0000000000200000.00000040.00000040.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	200000
Size:	4096

Details

Name:	0000000C.00000002.515159581.0000000000790000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	790000
Size:	12288

Details

Name:	00000010.00000002.524996919.0000000000ABE000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	ABE000
Size:	8192

Details

Name:	00000003.00000002.479715558.0000000004CAE000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4CAE000
Size:	8192

Details

Name:	00000004.00000000.476191574.000000007EFC2000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	0000000A.00000002.509341340.00000000004B0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4B0000
Size:	65536

Details

Name:	00000011.00000002.527376677.0000000000844000.00000004.00000020.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	844000
Size:	110592

Details

Name:	0000000E.00000002.522805967.0000000000912000.00000020.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	912000
Size:	602112

Details

Name:	00000004.00000003.548504614.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	16384

Details

Name:	0000000B.00000003.503960937.00000000003C8000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3C8000
Size:	4096

Details

Name:	00000004.00000002.695944941.000000000743C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	743C000
Size:	16384

Details

Name:	00000003.00000002.477043919.00000000004D0000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D0000
Size:	8192

Details

Name:	00000004.00000003.599342737.0000000003963000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3963000
Size:	40960

Details

Name:	0000000C.00000002.517922710.000000000516E000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	516E000
Size:	8192

Details

Name:	00000004.00000003.477423056.0000000000450000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	450000
Size:	36864

Details

Name:	0000000A.00000002.510225323.0000000002120000.00000004.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	2120000
Size:	212992

Details

Name:	0000000B.00000002.510744485.00000000000A0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	A0000
Size:	4096

Details

Name:	00000004.00000003.485244756.0000000000720000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	720000
Size:	8192

Details

Name:	00000003.00000002.476987976.00000000001C2000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1C2000
Size:	4096

Details

Name:	00000011.00000002.528120164.000000000222F000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	222F000
Size:	4096

Details

Name:	0000000B.00000003.510397616.00000000002F0000.00000040.00000040.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	2F0000
Size:	4096

Details

Name:	0000000E.00000002.522794713.00000000008C0000.00000040.00000040.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	8C0000
Size:	4096

Details

Name:	00000004.00000002.689994115.0000000000010000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	0000000C.00000002.514473243.0000000000163000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	163000
Size:	4096

Details

Name:	0000000A.00000002.510159923.0000000001F0E000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0E000
Size:	8192

Details

Name:	00000004.00000003.476872599.0000000000285000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	285000
Size:	8192

Details

Name:	0000000E.00000002.522154183.00000000001B0000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1B0000
Size:	8192

Details

Name:	00000004.00000003.477409575.0000000000458000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	458000
Size:	16384

Details

Name:	00000011.00000002.528341498.0000000004360000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	4360000
Size:	913408

Details

Name:	0000000C.00000002.517941950.0000000005170000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5170000
Size:	4096

Details

Name:	0000000B.00000002.512520170.0000000000BE0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	00000010.00000002.524610354.00000000004D7000.00000004.00000040.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4D7000
Size:	4096

Details

Name:	0000000C.00000002.514485073.000000000016D000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	16D000
Size:	4096

Details

Name:	0000000A.00000002.513245857.0000000004DE0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4DE0000
Size:	4096

Details

Name:	0000000A.00000003.504857150.00000000003D0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3D0000
Size:	28672

Details

Name:	0000000C.00000002.517615542.00000000043C2000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	43C2000
Size:	8192

Details

Name:	00000010.00000002.524765291.00000000007A7000.00000004.00000020.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	7A7000
Size:	4096

Details

Name:	00000004.00000000.476016529.0000000000910000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	910000
Size:	4096

Details

Name:	0000000C.00000003.507429920.0000000000370000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	370000
Size:	4096

Details

Name:	00000003.00000002.480217727.000000000ACFE000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	ACFE000
Size:	8192

Details

Name:	00000011.00000003.514220864.00000000003F0000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F0000
Size:	65536

Details

Name:	00000003.00000002.477805956.0000000002480000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2480000
Size:	110592

Details

Name:	00000004.00000002.695770617.0000000006300000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6300000
Size:	126976

Details

Name:	00000004.00000002.690213147.00000000001D0000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	1D0000
Size:	126976

Details

Name:	00000011.00000002.528196057.0000000003231000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3231000
Size:	24576

Details

Name:	0000000A.00000003.504114133.00000000004C0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4C0000
Size:	28672

Details

Name:	00000011.00000002.528031749.00000000020E0000.00000004.00000040.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	20E0000
Size:	8192

Details

Name:	0000000A.00000002.513362682.0000000004F80000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4F80000
Size:	4096

Details

Name:	00000004.00000002.694699895.0000000004452000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4452000
Size:	24576

Details

Name:	00000010.00000002.525154158.000000000242E000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	242E000
Size:	8192

Details

Name:	00000004.00000002.690268791.0000000000210000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	210000
Size:	32768

Details

Name:	0000000B.00000002.510875978.0000000000297000.00000040.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	297000
Size:	4096

Details

Name:	00000004.00000003.599328699.0000000003943000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3943000
Size:	40960

Details

Name:	00000010.00000002.524245618.0000000000050000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	0000000B.00000003.501226493.0000000000A20000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	A20000
Size:	65536

Details

Name:	00000011.00000002.527270988.0000000000440000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	440000
Size:	24576

Details

Name:	00000004.00000002.695890426.0000000006AED000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6AED000
Size:	12288

Details

Name:	00000003.00000002.479962863.0000000005120000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5120000
Size:	4096

Details

Name:	00000004.00000003.477072595.0000000000450000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	450000
Size:	4096

Details

Name:	0000000B.00000002.510866637.0000000000292000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	292000
Size:	4096

Details

Name:	00000004.00000002.694592490.0000000003823000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3823000
Size:	40960

Details

Name:	0000000C.00000002.518016907.0000000007772000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7772000
Size:	4096

Details

Name:	00000004.00000003.549149590.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	12288

Details

Name:	0000000B.00000002.515289719.000000007EFB2000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	0000000B.00000002.512392879.0000000000A70000.00000004.00000040.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	A70000
Size:	4096

Details

Name:	0000000E.00000002.522209634.00000000001EA000.00000040.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	1EA000
Size:	4096

Details

Name:	00000003.00000002.477059476.00000000004EB000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4EB000
Size:	20480

Details

Name:	0000000E.00000003.509166217.0000000000570000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	570000
Size:	20480

Details

Name:	0000000E.00000003.509771845.0000000000610000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	610000
Size:	36864

Details

Name:	00000009.00000002.690228631.00000000004D2000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4D2000
Size:	8192

Details

Name:	0000000C.00000000.501701827.0000000000BE2000.00000020.00020000.sdmp
TargetID:	12
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	BE2000
Size:	602112

Details

Name:	0000000A.00000003.498160669.0000000001F50000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1F50000
Size:	20480

Details

Name:	00000003.00000002.480301433.000000000B47E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	B47E000
Size:	8192

Details

Name:	0000000A.00000002.510153415.0000000001ECE000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1ECE000
Size:	4096

Details

Name:	0000000B.00000003.504007933.0000000003528000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3528000
Size:	245760

Details

Name:	0000000C.00000002.515005804.000000000050C000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	50C000
Size:	16384

Details

Name:	00000004.00000003.504216609.0000000000820000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	820000
Size:	8192

Details

Name:	0000000B.00000003.498196057.00000000004C0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4C0000
Size:	20480

Details

Name:	0000000B.00000002.515234574.000000000AE9E000.00000104.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	AE9E000
Size:	4096

Details

Name:	00000003.00000002.476995066.00000000001CA000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	1CA000
Size:	4096

Details

Name:	00000010.00000002.525483746.000000007EFB2000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000011.00000002.527307635.00000000005F0000.00000004.00000020.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5F0000
Size:	16384

Details

Name:	0000000C.00000002.518148429.000000007EFC2000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	0000000E.00000002.522230456.000000000022A000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	22A000
Size:	24576

Details

Name:	00000004.00000002.690497552.0000000000510000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	510000
Size:	40960

Details

Name:	00000011.00000002.527093352.0000000000350000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	350000
Size:	8192

Details

Name:	00000004.00000003.484830739.00000000006C5000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6C5000
Size:	8192

Details

Name:	0000000E.00000002.522758172.0000000000840000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	840000
Size:	12288

Details

Name:	00000004.00000003.548890438.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	16384

Details

Name:	00000010.00000003.511585674.00000000002A0000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	49152

Details

Name:	0000000B.00000002.515248545.000000000AFEE000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	AFEE000
Size:	8192

Details

Name:	0000000A.00000002.509128181.0000000000263000.00000040.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	263000
Size:	4096

Details

Name:	0000000E.00000002.522659907.0000000000570000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	570000
Size:	8192

Details

Name:	00000004.00000003.504360424.00000000007CC000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7CC000
Size:	16384

Details

Name:	0000000B.00000002.512015249.0000000000550000.00000004.00000020.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	550000
Size:	8192

Details

Name:	00000004.00000003.548980631.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	36864

Details

Name:	00000010.00000002.524592229.00000000004D0000.00000004.00000040.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4D0000
Size:	16384

Details

Name:	0000000B.00000002.511248085.000000000041E000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	41E000
Size:	8192

Details

Name:	0000000E.00000002.523084867.000000000445E000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	445E000
Size:	8192

Details

Name:	00000003.00000000.471793270.000000007EFB2000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000004.00000003.485887470.0000000000720000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	720000
Size:	65536

Details

Name:	00000004.00000003.504266467.0000000000810000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	810000
Size:	65536

Details

Name:	00000003.00000003.475050015.0000000000310000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	310000
Size:	28672

Details

Name:	00000010.00000003.524035849.00000000009F0000.00000040.00000040.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	9F0000
Size:	4096

Details

Name:	00000010.00000002.524268015.0000000000123000.00000040.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	123000
Size:	4096

Details

Name:	0000000B.00000002.511134733.00000000003C0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3C0000
Size:	8192

Details

Name:	0000000E.00000002.522460173.0000000000385000.00000004.00000020.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	385000
Size:	122880

Details

Name:	00000010.00000002.524686486.000000000073F000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	73F000
Size:	4096

Details

Name:	0000000C.00000002.517689915.0000000004810000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4810000
Size:	4096

Details

Name:	0000000C.00000002.517171180.000000000427C000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	427C000
Size:	16384

Details

Name:	00000004.00000002.695689398.0000000005FF0000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	5FF0000
Size:	20480

Details

Name:	00000004.00000003.548486196.00000000022B6000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B6000
Size:	8192

Details

Name:	00000004.00000002.690141737.000000000017D000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	17D000
Size:	4096

Details

Name:	00000004.00000003.488746670.0000000000780000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	780000
Size:	28672

Details

Name:	0000000A.00000000.488525395.00000000009A6000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	9A6000
Size:	4096

Details

Name:	00000004.00000003.504304676.00000000007C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7C0000
Size:	45056

Details

Name:	00000010.00000003.511249442.00000000002A0000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	65536

Details

Name:	00000009.00000002.690107520.0000000000280000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	280000
Size:	4096

Details

Name:	00000009.00000002.690077217.00000000001B4000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1B4000
Size:	20480

Details

Name:	0000000E.00000002.522284401.0000000000237000.00000040.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	237000
Size:	4096

Details

Name:	00000004.00000003.548532860.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	36864

Details

Name:	00000011.00000002.528584968.0000000004F8F000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4F8F000
Size:	4096

Details

Name:	00000004.00000003.485898814.0000000000672000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	672000
Size:	57344

Details

Name:	00000003.00000002.476943246.0000000000010000.00000004.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	0000000A.00000002.509442216.000000000051C000.00000004.00000020.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	51C000
Size:	270336

Details

Name:	00000004.00000003.484867235.0000000000670000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	28672

Details

Name:	0000000C.00000003.507521198.0000000000380000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	380000
Size:	32768

Details

Name:	0000000A.00000002.509397798.00000000004D7000.00000004.00000020.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4D7000
Size:	8192

Details

Name:	00000010.00000003.510879874.00000000002A0000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	40960

Details

Name:	0000000B.00000003.501679456.00000000009D0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	9D0000
Size:	24576

Details

Name:	00000009.00000002.691132206.00000000020E4000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	20E4000
Size:	4096

Details

Name:	0000000C.00000002.517805179.0000000004E10000.00000004.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	4E10000
Size:	430080

Details

Name:	00000004.00000002.693438850.00000000028B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	28B0000
Size:	462848

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000009.00000002.690337039.0000000001C70000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	1C70000
Size:	4112384

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000004.00000003.485358929.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	16384

Details

Name:	0000000C.00000002.514640849.000000000019B000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	19B000
Size:	4096

Details

Name:	0000000A.00000002.510330684.00000000022A0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	22A0000
Size:	110592

Details

Name:	0000000C.00000002.515134159.0000000000774000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	774000
Size:	110592

Details

Name:	0000000E.00000003.509729522.0000000000610000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	610000
Size:	28672

Details

Name:	00000004.00000002.695614062.0000000005DDD000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5DDD000
Size:	12288

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	0000000A.00000002.509135831.0000000000264000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	264000
Size:	4096

Details

Name:	0000000A.00000002.510174148.0000000001F9E000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1F9E000
Size:	8192

Details

Name:	0000000C.00000003.511123002.0000000004D90000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4D90000
Size:	434176

Details

Name:	00000004.00000003.548952134.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	16384

Details

Name:	00000004.00000003.504857920.00000000007C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7C0000
Size:	16384

Details

Name:	0000000C.00000002.518003533.000000000560E000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	560E000
Size:	8192

Details

Name:	0000000A.00000003.504168103.00000000003C8000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3C8000
Size:	4096

Details

Name:	0000000B.00000002.515169266.000000000529E000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	529E000
Size:	8192

Details

Name:	00000004.00000002.694296483.0000000003599000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3599000
Size:	40960

Details

Name:	00000004.00000002.690432511.0000000000470000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	470000
Size:	20480

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	0000000E.00000002.523251969.00000000049FF000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	49FF000
Size:	4096

Details

Name:	00000004.00000002.690859054.000000000073C000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	73C000
Size:	12288

Details

Name:	0000000B.00000002.512399901.0000000000AB0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	AB0000
Size:	4096

Details

Name:	00000010.00000002.525496627.000000007EFC2000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000004.00000003.516875066.0000000006322000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6322000
Size:	40960

Details

Name:	0000000C.00000002.518185546.000000007EFDF000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	0000000B.00000000.490175697.000000007EFC0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000004.00000002.692454120.0000000002714000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2714000
Size:	249856

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	0000000A.00000002.509066615.0000000000020000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	00000003.00000002.479678917.0000000004BAE000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4BAE000
Size:	8192

Details

Name:	0000000C.00000002.517751145.0000000004D8F000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4D8F000
Size:	4096

Details

Name:	00000003.00000003.475121267.0000000000330000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	330000
Size:	65536

Details

Name:	0000000A.00000002.513399370.000000000523E000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	523E000
Size:	8192

Details

Name:	0000000B.00000002.510738416.000000000009B000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	9B000
Size:	20480

Details

Name:	00000004.00000002.690375765.0000000000400000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	400000
Size:	4096

Details

Name:	0000000C.00000002.514588612.0000000000192000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	192000
Size:	4096

Details

Name:	0000000E.00000002.522902127.00000000009B0000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	9B0000
Size:	77824

Details

Name:	0000000B.00000003.510316763.00000000005C0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5C0000
Size:	24576

Details

Name:	0000000E.00000002.522162328.00000000001C3000.00000040.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	1C3000
Size:	4096

Details

Name:	00000004.00000002.694400133.000000000366A000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	366A000
Size:	36864

Details

Name:	00000004.00000003.501361984.0000000003CB1000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3CB1000
Size:	167936

Details

Name:	00000004.00000002.690192058.0000000000192000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	192000
Size:	4096

Details

Name:	00000003.00000002.477123126.00000000005AB000.00000004.00000020.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5AB000
Size:	8192

Details

Name:	00000010.00000002.525400309.000000000483F000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	483F000
Size:	4096

Details

Name:	00000010.00000002.524358305.000000000020E000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20E000
Size:	8192

Details

Name:	0000000A.00000002.513025144.0000000004C40000.00000004.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	4C40000
Size:	430080

Details

Name:	0000000F.00000002.509587946.000000007EFC2000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000004.00000003.488048309.0000000000780000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	780000
Size:	4096

Details

Name:	00000003.00000002.479845347.000000000510D000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	510D000
Size:	12288

Details

Name:	0000000E.00000002.522768785.0000000000864000.00000004.00000040.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	864000
Size:	4096

Details

Name:	00000004.00000002.690476270.00000000004F4000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4F4000
Size:	110592

Details

Name:	0000000B.00000002.511876553.0000000000510000.00000004.00000020.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	510000
Size:	16384

Details

Name:	00000004.00000002.695929492.00000000071DB000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	71DB000
Size:	20480

Details

Name:	00000004.00000002.695602878.0000000005CDC000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5CDC000
Size:	16384

Details

Name:	00000004.00000002.690362891.00000000003B0000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	3B0000
Size:	8192

Details

Name:	00000004.00000003.548773793.00000000022B5000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B5000
Size:	8192

Details

Name:	0000000B.00000002.511954287.0000000000534000.00000004.00000020.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	534000
Size:	110592

Details

Name:	00000003.00000002.479022681.0000000003461000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3461000
Size:	28672

Details

Name:	0000000C.00000002.514479092.0000000000164000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	164000
Size:	4096

Details

Name:	00000010.00000002.525162442.00000000024BE000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	24BE000
Size:	8192

Details

Name:	00000010.00000002.525422993.000000000520E000.00000104.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	520E000
Size:	4096

Details

Name:	0000000B.00000003.510017583.0000000005030000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5030000
Size:	434176

Details

Name:	0000000C.00000002.514712178.0000000000410000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	410000
Size:	8192

Details

Name:	0000000E.00000002.522294608.000000000023B000.00000040.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	23B000
Size:	4096

Details

Name:	00000004.00000003.540607510.000000000632C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	632C000
Size:	49152

Details

Name:	00000003.00000002.477274592.0000000000860000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	860000
Size:	12288

Details

Name:	0000000A.00000002.509285488.0000000000472000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	472000
Size:	4096

Details

Name:	0000000C.00000002.515169686.000000000079C000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	79C000
Size:	102400

Details

Name:	0000000A.00000002.513506628.000000000ADEF000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	ADEF000
Size:	4096

Details

Name:	0000000B.00000002.512299315.00000000005C3000.00000004.00000020.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5C3000
Size:	16384

Details

Name:	00000003.00000000.471640274.0000000000912000.00000020.00020000.sdmp
TargetID:	3
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	912000
Size:	602112

Details

Name:	00000004.00000000.476178349.000000007EFB2000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	0000000B.00000000.488711019.0000000000BE2000.00000020.00020000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	BE2000
Size:	602112

Details

Name:	00000004.00000002.694285533.0000000003579000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3579000
Size:	40960

Details

Name:	0000000C.00000002.515100071.0000000000720000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	720000
Size:	12288

Details

Name:	00000010.00000002.525453448.00000000059AF000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	59AF000
Size:	4096

Details

Name:	00000011.00000002.527317216.0000000000670000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	670000
Size:	77824

Details

Name:	0000000E.00000002.522763868.0000000000860000.00000004.00000040.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	860000
Size:	4096

Details

Name:	0000000C.00000003.506225569.0000000000730000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	730000
Size:	20480

Details

Name:	00000004.00000002.694662270.00000000038C3000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	38C3000
Size:	36864

Details

Name:	0000000B.00000002.510732622.0000000000050000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	00000009.00000002.690133444.00000000003FF000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3FF000
Size:	4096

Details

Name:	0000000C.00000002.515079758.00000000005A0000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	5A0000
Size:	24576

Details

Name:	0000000E.00000000.508434784.000000007EFB2000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	0000000E.00000002.523312132.000000000531E000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	531E000
Size:	8192

Details

Name:	0000000A.00000002.509630827.0000000000910000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	910000
Size:	4096

Details

Name:	0000000B.00000002.514927800.0000000004F4D000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4F4D000
Size:	8192

Details

Name:	0000000A.00000002.509300171.000000000047B000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	47B000
Size:	20480

Details

Name:	0000000E.00000002.522324147.00000000002F7000.00000004.00000020.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	2F7000
Size:	8192

Details

Name:	00000003.00000002.477495287.0000000002100000.00000040.00000040.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	2100000
Size:	4096

Details

Name:	00000003.00000002.476955792.0000000000060000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	4096

Details

Name:	00000010.00000002.524550265.0000000000422000.00000040.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	422000
Size:	90112

Details

Name:	0000000F.00000002.509559862.000000007EFB0000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	0000000E.00000002.522702803.00000000005EE000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5EE000
Size:	8192

Details

Name:	0000000B.00000002.515318677.000000007EFE0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000004.00000002.694260168.0000000003531000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3531000
Size:	40960

Details

Name:	00000004.00000003.548513012.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	28672

Details

Name:	0000000B.00000002.512788764.000000000223E000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	223E000
Size:	8192

Details

Name:	0000000E.00000002.523259157.0000000004A5E000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4A5E000
Size:	8192

Details

Name:	0000000C.00000002.517530609.00000000043A0000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	43A0000
Size:	4096

Details

Name:	0000000B.00000003.500630260.00000000009D0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	9D0000
Size:	65536

Details

Name:	0000000B.00000002.514403491.000000000439E000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	439E000
Size:	8192

Details

Name:	00000004.00000002.691552439.00000000022AC000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	22AC000
Size:	16384

Details

Name:	00000004.00000003.500456087.00000000005C4000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5C4000
Size:	12288

Details

Name:	00000004.00000002.691593708.000000000242E000.00000104.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	242E000
Size:	4096

Details

Name:	0000000A.00000002.513527779.000000000B05E000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	B05E000
Size:	8192

Details

Name:	0000000B.00000002.515206302.000000000A7E1000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	A7E1000
Size:	8192

Details

Name:	00000004.00000003.599256769.0000000003902000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3902000
Size:	45056

Details

Name:	00000004.00000002.694242345.0000000003511000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3511000
Size:	4096

Details

Name:	0000000E.00000000.508164507.0000000000912000.00000020.00020000.sdmp
TargetID:	14
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	912000
Size:	602112

Details

Name:	0000000C.00000002.515495790.0000000000ADE000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	ADE000
Size:	8192

Details

Name:	0000000C.00000002.517989804.000000000543F000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	543F000
Size:	4096

Details

Name:	00000010.00000002.525037210.0000000000BE2000.00000020.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	BE2000
Size:	602112

Details

Name:	00000004.00000003.484681651.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	28672

Details

Name:	00000010.00000000.509836721.000000007EFC0000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	0000000B.00000002.512470896.0000000000B62000.00000004.00000040.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	B62000
Size:	8192

Details

Name:	00000011.00000003.526484732.00000000003A0000.00000040.00000040.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	3A0000
Size:	4096

Details

Name:	00000011.00000003.514271057.00000000003E0000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	16384

Details

Name:	00000004.00000003.476921410.0000000000280000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	280000
Size:	20480

Details

Name:	00000003.00000002.477003805.00000000002D7000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2D7000
Size:	4096

Details

Name:	0000000C.00000003.506735913.00000000004B0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B0000
Size:	61440

Details

Name:	00000004.00000002.690330054.0000000000280000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	280000
Size:	8192

Details

Name:	00000009.00000002.691304458.0000000002990000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2990000
Size:	8192

Details

Name:	0000000C.00000002.517957671.000000000536E000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	536E000
Size:	8192

Details

Name:	0000000B.00000003.504880637.00000000003E0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	45056

Details

Name:	00000004.00000002.694125776.0000000003459000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3459000
Size:	40960

Details

Name:	00000004.00000002.691541843.0000000002260000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2260000
Size:	16384

Details

Name:	0000000C.00000002.518089154.000000000AF9F000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	AF9F000
Size:	4096

Details

Name:	00000004.00000003.500727822.0000000000780000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	780000
Size:	28672

Details

Name:	0000000C.00000003.507589319.0000000000390000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	390000
Size:	65536

Details

Name:	00000004.00000002.692623419.0000000002758000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2758000
Size:	1404928

Details

Name:	00000003.00000002.477054820.00000000004E4000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4E4000
Size:	24576

Details

Name:	00000004.00000002.694885039.000000000550C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	550C000
Size:	16384

Details

Name:	00000004.00000003.548468977.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	16384

Details

Name:	0000000B.00000002.510806980.0000000000274000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	274000
Size:	4096

Details

Name:	0000000B.00000002.512716947.00000000021BE000.00000104.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	21BE000
Size:	4096

Details

Name:	0000000B.00000002.514872534.0000000004E30000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4E30000
Size:	4096

Details

Name:	0000000B.00000002.512383687.0000000000A6E000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	A6E000
Size:	8192

Details

Name:	0000000C.00000002.514599274.0000000000197000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	197000
Size:	4096

Details

Name:	00000004.00000002.691732570.0000000002548000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2548000
Size:	1634304

Details

Name:	0000000D.00000002.508004168.0000000000C76000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	C76000
Size:	4096

Details

Name:	00000010.00000002.524829165.00000000007E0000.00000004.00000020.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	7E0000
Size:	12288

Details

Name:	0000000C.00000002.515366697.0000000000A4E000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	A4E000
Size:	8192

Details

Name:	00000010.00000002.525471475.000000007EFA9000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFA9000
Size:	4096

Details

Name:	00000004.00000002.690979593.0000000000820000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	820000
Size:	49152

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000003.00000002.476947956.0000000000020000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	00000004.00000003.476866539.0000000000280000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	280000
Size:	16384

Details

Name:	00000004.00000003.477376869.0000000000456000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	456000
Size:	8192

Details

Name:	0000000E.00000002.522484624.0000000000400000.00000040.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	400000
Size:	4096

Details

Name:	00000004.00000003.505067792.00000000008B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	8B0000
Size:	16384

Details

Name:	00000009.00000002.690023844.0000000000030000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	30000
Size:	12288

Details

Name:	0000000E.00000002.522967041.00000000022CE000.00000104.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	22CE000
Size:	4096

Details

Name:	0000000B.00000003.504955041.00000000003D0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3D0000
Size:	65536

Details

Name:	00000010.00000002.525146340.00000000023DE000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	23DE000
Size:	8192

Details

Name:	00000004.00000002.691226377.00000000009B0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	9B0000
Size:	24576

Details

Name:	00000011.00000002.526740395.00000000000A0000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	A0000
Size:	4096

Details

Name:	00000010.00000002.525440023.000000000561E000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	561E000
Size:	8192

Details

Name:	0000000B.00000003.504820850.00000000003D0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3D0000
Size:	32768

Details

Name:	00000011.00000002.528616874.000000007EFB2000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000011.00000000.510890180.000000007EFC0000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	0000000C.00000002.518069616.000000000AC3F000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	AC3F000
Size:	4096

Details

Name:	00000003.00000002.480062177.00000000052C0000.00000004.00000040.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	52C0000
Size:	12288

Details

Name:	00000009.00000002.691421379.000007FFFFFD0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFD0000
Size:	12288

Details

Name:	00000004.00000003.622168729.000000000637A000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	637A000
Size:	139264

Details

Name:	00000010.00000002.524378807.0000000000220000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	220000
Size:	20480

Details

Name:	0000000B.00000002.511582144.00000000004E0000.00000004.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	4E0000
Size:	28672

Details

Name:	00000004.00000002.691649725.0000000002482000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2482000
Size:	806912

Signature Hits	Behavior Group	Mitre Attack
Detected Nanocore Rat	Remote Access Functionality	Remote Access Software
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000003.00000003.475141096.0000000000310000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	310000
Size:	65536

Details

Name:	0000000C.00000002.515015406.0000000000520000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	520000
Size:	69632

Details

Name:	00000004.00000003.524698515.0000000006332000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6332000
Size:	40960

Details

Name:	00000010.00000003.511732709.00000000002A0000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	28672

Details

Name:	0000000C.00000003.506652607.00000000004B0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B0000
Size:	65536

Details

Name:	00000004.00000003.484904514.00000000006D0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6D0000
Size:	61440

Details

Name:	00000003.00000000.471806349.000000007EFD0000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	0000000B.00000002.512031138.000000000055C000.00000004.00000020.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	55C000
Size:	417792

Details

Name:	00000004.00000002.694904978.000000000556E000.00000104.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	556E000
Size:	4096

Details

Name:	00000003.00000002.477031200.0000000000480000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	65536

Details

Name:	0000000C.00000002.514737451.0000000000424000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	424000
Size:	24576

Details

Name:	00000009.00000002.690006152.0000000000020000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	20000
Size:	28672

Details

Name:	00000004.00000003.484505992.0000000000476000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	476000
Size:	8192

Details

Name:	00000011.00000003.514345997.00000000003E0000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	36864

Details

Name:	00000004.00000003.476891952.0000000000280000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	280000
Size:	24576

Details

Name:	00000004.00000002.690205937.000000000019B000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	19B000
Size:	4096

Details

Name:	0000000C.00000002.514861138.0000000000460000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	460000
Size:	65536

Details

Name:	00000003.00000003.474029250.00000000008F7000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	8F7000
Size:	36864

Details

Name:	00000003.00000003.474570311.00000000008F0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	8F0000
Size:	28672

Details

Name:	0000000C.00000002.518117743.000000007EFB0000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	0000000B.00000002.511319064.00000000004B0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	4B0000
Size:	8192

Details

Name:	0000000B.00000002.515179406.000000000541E000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	541E000
Size:	8192

Details

Name:	00000004.00000002.691528782.000000000221E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	221E000
Size:	8192

Details

Name:	00000003.00000002.477484956.00000000020FC000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20FC000
Size:	16384

Details

Name:	00000004.00000002.691601758.000000000242F000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	242F000
Size:	4096

Details

Name:	00000004.00000003.488033059.000000000078F000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	78F000
Size:	4096

Details

Name:	00000004.00000002.693680905.0000000002922000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2922000
Size:	4096

Details

Name:	0000000A.00000002.512925682.000000000443E000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	443E000
Size:	8192

Details

Name:	0000000C.00000003.506159498.00000000004B0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4B0000
Size:	65536

Details

Name:	00000004.00000003.536632043.0000000006344000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6344000
Size:	4096

Details

Name:	00000004.00000003.504171599.00000000007C6000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7C6000
Size:	8192

Details

Name:	00000010.00000000.509850832.000000007EFD0000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	0000000A.00000002.509483265.000000000057B000.00000004.00000020.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	57B000
Size:	180224

Details

Name:	0000000A.00000002.513496454.000000000ADEE000.00000104.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	ADEE000
Size:	4096

Details

Name:	00000004.00000003.477383914.0000000000450000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	450000
Size:	49152

Details

Name:	00000004.00000002.696032893.000000007EFC0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000004.00000002.695906206.0000000006DD9000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6DD9000
Size:	28672

Details

Name:	00000004.00000003.487965950.0000000000790000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	790000
Size:	65536

Details

Name:	0000000F.00000000.509294474.000000007EFD0000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000004.00000003.485807725.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	24576

Details

Name:	00000010.00000002.524238974.0000000000020000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	00000010.00000003.511388578.00000000002A0000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	16384

Details

Name:	00000004.00000002.694614427.0000000003853000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3853000
Size:	4096

Details

Name:	00000010.00000002.524283590.0000000000130000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	130000
Size:	53248

Details

Name:	0000000B.00000002.510885011.000000000029A000.00000040.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	29A000
Size:	4096

Details

Name:	0000000C.00000000.504119960.0000000000C76000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	C76000
Size:	4096

Details

Name:	00000004.00000003.548961008.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	28672

Details

Name:	0000000B.00000003.504276366.0000000003D63000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3D63000
Size:	217088

Details

Name:	00000010.00000003.511803357.00000000002A8000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A8000
Size:	16384

Details

Name:	00000004.00000002.690655524.0000000000670000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	65536

Details

Name:	0000000A.00000003.505082835.00000000003E0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	65536

Details

Name:	0000000E.00000003.509461866.0000000000610000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	610000
Size:	20480

Details

Name:	0000000A.00000002.513579455.000000007EFC0000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000004.00000002.690441865.0000000000480000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	480000
Size:	12288

Details

Name:	00000004.00000002.690632865.00000000005CC000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5CC000
Size:	16384

Details

Name:	0000000C.00000003.504896070.0000000000420000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	420000
Size:	20480

Details

Name:	00000009.00000002.690142098.0000000000450000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	450000
Size:	20480

Details

Name:	00000004.00000002.695005561.000000000587C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	587C000
Size:	16384

Details

Name:	00000010.00000002.524886419.00000000008FC000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	8FC000
Size:	16384

Details

Name:	00000011.00000002.527047496.0000000000340000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	340000
Size:	65536

Details

Name:	00000011.00000000.510861800.0000000000C76000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	C76000
Size:	4096

Details

Name:	00000004.00000002.694476042.00000000036F7000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	36F7000
Size:	737280

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000010.00000002.524895096.0000000000900000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	900000
Size:	913408

Details

Name:	00000004.00000003.485914162.0000000000670000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	670000
Size:	4096

Details

Name:	00000004.00000002.695709943.00000000060F0000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	60F0000
Size:	4096

Details

Name:	0000000B.00000002.512827526.00000000022A1000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	22A1000
Size:	237568

Details

Name:	00000009.00000002.691325040.00000000029CB000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	29CB000
Size:	12288

Details

Name:	00000004.00000002.694677944.0000000004430000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4430000
Size:	8192

Details

Name:	00000003.00000003.474547711.00000000008F0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	8F0000
Size:	61440

Details

Name:	00000010.00000002.525405707.0000000004C4E000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4C4E000
Size:	8192

Details

Name:	0000000B.00000002.510725069.0000000000020000.00000004.00000040.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	20000
Size:	16384

Details

Name:	0000000B.00000003.500379006.0000000000A20000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	A20000
Size:	32768

Details

Name:	00000003.00000003.473816059.00000000008F0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	8F0000
Size:	65536

Details

Name:	0000000F.00000000.509084347.0000000000BE0000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	0000000C.00000002.514497541.0000000000170000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	170000
Size:	53248

Details

Name:	0000000B.00000002.510811686.000000000027D000.00000040.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	27D000
Size:	4096

Details

Name:	00000004.00000003.485646008.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	28672

Details

Name:	0000000E.00000002.522117664.0000000000020000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	00000011.00000003.512298229.0000000000350000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	350000
Size:	24576

Details

Name:	00000011.00000000.510686516.0000000000BE2000.00000020.00020000.sdmp
TargetID:	17
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	BE2000
Size:	602112

Details

Name:	0000000A.00000002.513598603.000000007EFDF000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	00000009.00000002.691345163.000000007EFE0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000010.00000002.524367180.0000000000210000.00000040.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	210000
Size:	24576

Details

Name:	00000009.00000002.691154327.000000000225F000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	225F000
Size:	4096

Details

Name:	00000004.00000002.694216639.00000000034D1000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	34D1000
Size:	4096

Details

Name:	00000011.00000002.527806052.0000000000BDE000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	BDE000
Size:	8192

Details

Name:	00000004.00000002.692375301.00000000026D8000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	26D8000
Size:	241664

Details

Name:	0000000A.00000002.512968430.0000000004850000.00000004.00000040.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4850000
Size:	4096

Details

Name:	0000000D.00000000.507507804.000000007EFC0000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000004.00000003.504090653.0000000000790000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	790000
Size:	16384

Details

Name:	0000000E.00000002.522178447.00000000001D0000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1D0000
Size:	53248

Details

Name:	00000010.00000002.525393285.000000000466E000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	466E000
Size:	8192

Details

Name:	00000009.00000002.691403649.000007FFFFFB2000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFB2000
Size:	4096

Details

Name:	00000009.00000000.486209058.000007FFFFFB2000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFB2000
Size:	4096

Details

Name:	0000000B.00000002.513681237.00000000032A1000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	32A1000
Size:	28672

Details

Name:	00000004.00000003.548852282.000000000632C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	632C000
Size:	36864

Details

Name:	00000011.00000000.510872811.000000007EFB0000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000004.00000002.695899112.0000000006AF0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6AF0000
Size:	4096

Details

Name:	0000000B.00000002.515313052.000000007EFDF000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	0000000A.00000003.489785595.0000000000470000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	470000
Size:	20480

Details

Name:	00000004.00000003.548434309.00000000022B0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	22B0000
Size:	45056

Details

Name:	00000004.00000002.693850171.0000000002946000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2946000
Size:	225280

Details

Name:	00000010.00000002.524278924.000000000012D000.00000040.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	12D000
Size:	4096

Details

Name:	00000011.00000003.514186225.00000000003E0000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	8192

Details

Name:	00000010.00000002.524294289.000000000013D000.00000040.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	13D000
Size:	4096

Details

Name:	0000000D.00000002.507861882.0000000000060000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	4096

Details

Name:	00000011.00000003.514278508.00000000003E6000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E6000
Size:	8192

Details

Name:	00000004.00000003.504450449.00000000007C6000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7C6000
Size:	8192

Details

Name:	0000000A.00000003.504942698.00000000003E0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	45056

Details

Name:	00000004.00000003.484470207.0000000000460000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	460000
Size:	28672

Details

Name:	0000000C.00000002.517894120.0000000004EE0000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	4EE0000
Size:	12288

Details

Name:	0000000D.00000000.507136948.0000000000BE2000.00000020.00020000.sdmp
TargetID:	13
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	BE2000
Size:	602112

Details

Name:	0000000C.00000002.514693600.0000000000368000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	368000
Size:	32768

Details

Name:	0000000A.00000002.509333299.00000000004A0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4A0000
Size:	32768

Details

Name:	00000004.00000002.690353141.00000000003A5000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3A5000
Size:	45056

Details

Name:	0000000A.00000002.513517421.000000000AEEF000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	AEEF000
Size:	4096

Details

Name:	0000000E.00000001.508573572.0000000000910000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	910000
Size:	4096

Details

Name:	0000000A.00000000.488534790.000000007EFB2000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000011.00000002.526717287.000000000008A000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	8A000
Size:	24576

Details

Name:	0000000A.00000003.505119826.00000000003D0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3D0000
Size:	65536

Details

Name:	00000003.00000002.477300938.00000000008A0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	8A0000
Size:	32768

Details

Name:	0000000F.00000002.509578396.000000007EFC0000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	0000000B.00000002.511382624.00000000004C2000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4C2000
Size:	4096

Details

Name:	00000003.00000002.477651084.00000000021D0000.00000040.00000040.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	21D0000
Size:	4096

Details

Name:	00000003.00000003.475035555.0000000000310000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	310000
Size:	28672

Details

Name:	00000004.00000002.695867094.000000000664E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	664E000
Size:	8192

Details

Name:	00000011.00000002.527788732.0000000000B7E000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	B7E000
Size:	8192

Details

Name:	00000011.00000002.527127943.0000000000360000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	360000
Size:	28672

Details

Name:	0000000A.00000002.509070973.0000000000050000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	0000000C.00000002.514940851.0000000000479000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	479000
Size:	24576

Details

Name:	0000000C.00000003.506234382.0000000000510000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	510000
Size:	65536

Details

Name:	00000004.00000002.690119947.0000000000170000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	170000
Size:	53248

Details

Name:	0000000B.00000002.515301500.000000007EFC2000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000004.00000003.502314134.00000000005C5000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5C5000
Size:	4096

Details

Name:	00000009.00000002.690175055.000000000048E000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	48E000
Size:	262144

Details

Name:	00000009.00000002.690246875.00000000006D0000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	6D0000
Size:	12288

Details

Name:	00000004.00000002.690239079.00000000001F0000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	1F0000
Size:	28672

Details

Name:	0000000C.00000002.514728025.0000000000422000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	422000
Size:	4096

Details

Name:	00000004.00000002.694624891.0000000003863000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3863000
Size:	36864

Details

Name:	0000000C.00000002.515323560.0000000000806000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	806000
Size:	8192

Details

Name:	0000000A.00000002.513585136.000000007EFC2000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	0000000E.00000003.509693478.0000000000616000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	616000
Size:	8192

Details

Name:	0000000C.00000002.514541756.000000000018A000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	18A000
Size:	4096

Details

Name:	00000011.00000002.528470814.000000000459F000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	459F000
Size:	4096

Details

Name:	00000004.00000003.535295974.000000000633C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	633C000
Size:	36864

Details

Name:	0000000E.00000002.522957836.000000000218E000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	218E000
Size:	8192

Details

Name:	00000011.00000002.527011574.0000000000330000.00000004.00000040.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	330000
Size:	12288

Details

Name:	0000000C.00000002.517966382.00000000053DE000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	53DE000
Size:	8192

Details

Name:	00000003.00000002.477322450.0000000000912000.00000020.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	912000
Size:	602112

Details

Name:	00000010.00000001.510000922.0000000000BE0000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	0000000A.00000002.509140076.000000000026D000.00000040.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	26D000
Size:	4096

Details

Name:	0000000C.00000002.517888447.0000000004EBE000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4EBE000
Size:	8192

Details

Name:	00000003.00000003.475130427.0000000000320000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	320000
Size:	65536

Details

Name:	00000004.00000003.477401324.0000000000450000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	450000
Size:	28672

Details

Name:	00000010.00000002.524721526.000000000078E000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	78E000
Size:	8192

Details

Name:	00000004.00000002.695922348.00000000070BE000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	70BE000
Size:	8192

Details

Name:	0000000A.00000002.513334372.0000000004F6E000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4F6E000
Size:	8192

Details

Name:	00000010.00000002.524462150.00000000003F6000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3F6000
Size:	40960

Details

Name:	00000004.00000002.691314181.00000000020D0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	20D0000
Size:	913408

Details

Name:	00000003.00000002.477318927.0000000000910000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	910000
Size:	4096

Details

Name:	0000000E.00000002.522949070.000000000213C000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	213C000
Size:	16384

Details

Name:	0000000F.00000000.509254448.0000000000C76000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	C76000
Size:	4096

Details

Name:	0000000C.00000002.514918024.0000000000470000.00000004.00000040.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	470000
Size:	24576

Details

Name:	0000000C.00000002.515285894.00000000007E1000.00000004.00000020.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	7E1000
Size:	147456

Details

Name:	0000000B.00000002.512808403.0000000002260000.00000040.00000040.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	2260000
Size:	4096

Details

Name:	00000011.00000002.527354183.0000000000827000.00000004.00000020.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	827000
Size:	8192

Details

Name:	00000004.00000002.691050468.00000000008B0000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	8B0000
Size:	36864

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	0000000C.00000002.518198346.000000007EFE0000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000010.00000003.511666027.00000000002A0000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	16384

Details

Name:	00000011.00000002.528577955.0000000004F8E000.00000104.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	4F8E000
Size:	4096

Details

Name:	00000011.00000002.527724783.00000000009B5000.00000004.00000040.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	9B5000
Size:	36864

Details

Name:	00000004.00000002.690100430.0000000000164000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	164000
Size:	4096

Details

Name:	00000010.00000002.525411788.0000000004F7E000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4F7E000
Size:	8192

Details

Name:	00000010.00000003.510780569.00000000002A0000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A0000
Size:	4096

Details

Name:	00000009.00000002.691172151.0000000002310000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2310000
Size:	4096

Details

Name:	00000004.00000003.501040429.0000000000780000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	780000
Size:	8192

Details

Name:	0000000A.00000003.504886178.00000000003D0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3D0000
Size:	32768

Details

Name:	0000000E.00000003.509704060.0000000000610000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	610000
Size:	49152

Details

Name:	00000010.00000002.525417478.0000000005020000.00000040.00000040.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page execute and read and write
Base address:	5020000
Size:	4096

Details

Name:	00000004.00000003.540619074.000000000633B000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	633B000
Size:	36864

Details

Name:	00000011.00000002.528109137.000000000222E000.00000104.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	222E000
Size:	4096

Details

Name:	00000009.00000002.691190167.0000000002810000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	2810000
Size:	913408

Details

Name:	0000000C.00000003.507509407.0000000000380000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	380000
Size:	28672

Details

Name:	0000000C.00000002.515329246.0000000000850000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	850000
Size:	77824

Details

Name:	0000000B.00000002.514941014.000000000509E000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	509E000
Size:	8192

Details

Name:	0000000E.00000002.522109456.0000000000010000.00000004.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	0000000C.00000000.504154871.000000007EFC0000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000010.00000002.524749171.00000000007A0000.00000004.00000020.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	7A0000
Size:	16384

Details

Name:	00000004.00000002.694637108.0000000003883000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3883000
Size:	4096

Details

Name:	0000000F.00000002.509449772.0000000000BE2000.00000020.00020000.sdmp
TargetID:	15
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	BE2000
Size:	602112

Details

Name:	0000000A.00000000.488324591.0000000000910000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	910000
Size:	4096

Details

Name:	0000000C.00000003.507553749.0000000000380000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	380000
Size:	65536

Details

Name:	00000004.00000003.599373984.0000000003992000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3992000
Size:	4096

Details

Name:	00000004.00000002.694332050.00000000035F9000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	35F9000
Size:	237568

Details

Name:	00000004.00000002.696054365.000000007EFDF000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	0000000C.00000002.518034720.000000000AC3E000.00000104.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	AC3E000
Size:	4096

Details

Name:	00000003.00000000.471789138.000000007EFB0000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	0000000B.00000002.510799559.0000000000273000.00000040.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	273000
Size:	4096

Details

Name:	00000004.00000003.599198487.00000000038A2000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	38A2000
Size:	45056

Details

Name:	00000004.00000002.694792242.0000000004F4E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4F4E000
Size:	8192

Details

Name:	0000000A.00000002.509087912.00000000000A0000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	A0000
Size:	4096

Details

Name:	00000004.00000002.695937515.000000000732E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	732E000
Size:	8192

Details

Name:	00000010.00000003.511099519.00000000002B0000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B0000
Size:	65536

Details

Name:	00000011.00000002.528643727.000000007EFDF000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	00000004.00000003.504145714.00000000007C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7C0000
Size:	20480

Details

Name:	0000000A.00000003.504073095.00000000004C0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4C0000
Size:	28672

Details

Name:	0000000E.00000002.523384693.000000007EFE0000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000003.00000002.477662564.0000000002210000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2210000
Size:	4096

Details

Name:	0000000B.00000002.510939526.00000000002BB000.00000040.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2BB000
Size:	4096

Details

Name:	00000010.00000003.510958273.00000000002A6000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A6000
Size:	40960

Details

Name:	0000000C.00000002.518107079.000000007EF40000.00000040.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	7EF40000
Size:	4096

Details

Name:	00000004.00000003.477573960.0000000000460000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	460000
Size:	4096

Details

Name:	00000010.00000002.525434525.000000000544F000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	544F000
Size:	4096

Details

Name:	00000004.00000002.695681261.0000000005FDE000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5FDE000
Size:	8192

Details

Name:	00000004.00000002.695984919.0000000007B8E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7B8E000
Size:	8192

Details

Name:	0000000B.00000000.490136211.0000000000C76000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	C76000
Size:	4096

Details

Name:	00000010.00000002.524441157.0000000000260000.00000004.00000040.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	260000
Size:	16384

Details

Name:	00000003.00000000.471798690.000000007EFC0000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000010.00000002.525489707.000000007EFC0000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000003.00000003.473903401.0000000001FF0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1FF0000
Size:	20480

Details

Name:	00000004.00000002.690199138.0000000000197000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	197000
Size:	4096

Details

Name:	00000003.00000002.480434736.000000007EFD0000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	0000000E.00000002.523078751.000000000435E000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	435E000
Size:	8192

Details

Name:	0000000E.00000003.509110195.0000000000570000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	570000
Size:	28672

Details

Name:	00000004.00000003.504384348.00000000007C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7C0000
Size:	16384

Details

Name:	0000000D.00000002.507856078.0000000000050000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	00000004.00000000.476148989.00000000009A6000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	9A6000
Size:	4096

Details

Name:	0000000E.00000002.523347633.000000007EFB0000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000003.00000002.476963086.00000000000EA000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	EA000
Size:	24576

Details

Name:	00000003.00000003.473802414.0000000000900000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	900000
Size:	32768

Details

Name:	00000004.00000002.694760936.0000000004A6F000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4A6F000
Size:	4096

Details

Name:	0000000B.00000002.510914631.00000000002A9000.00000004.00000040.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2A9000
Size:	24576

Details

Name:	0000000C.00000003.507579131.00000000003A0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3A0000
Size:	65536

Details

Name:	00000011.00000003.513952599.00000000003F0000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3F0000
Size:	57344

Details

Name:	00000009.00000002.690036161.0000000000040000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	40000
Size:	4096

Details

Name:	0000000B.00000002.511530022.00000000004CB000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4CB000
Size:	20480

Details

Name:	00000003.00000002.477502827.0000000002150000.00000004.00000040.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2150000
Size:	4096

Details

Name:	00000010.00000003.510916350.00000000002B0000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B0000
Size:	57344

Details

Name:	00000010.00000003.510593637.0000000000245000.00000004.00000001.sdmp
TargetID:	16
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	245000
Size:	8192

Details

Name:	00000004.00000002.690671732.00000000006BD000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	6BD000
Size:	12288

Details

Name:	00000004.00000002.691059827.00000000008C0000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	8C0000
Size:	61440

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	0000000E.00000002.522734719.0000000000637000.00000004.00000040.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	637000
Size:	4096

Details

Name:	00000004.00000002.690418802.0000000000460000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	460000
Size:	65536

Details

Name:	00000003.00000002.477428105.00000000009B0000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	9B0000
Size:	73728

Details

Name:	00000003.00000002.479637650.0000000004B6E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4B6E000
Size:	8192

Details

Name:	00000003.00000003.475114275.0000000000340000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	340000
Size:	8192

Details

Name:	00000004.00000002.692585524.0000000002752000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2752000
Size:	20480

Details

Name:	0000000C.00000002.517901444.0000000004EF0000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4EF0000
Size:	4096

Details

Name:	00000004.00000000.476203814.000000007EFD0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000004.00000003.504421469.00000000007C0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	7C0000
Size:	16384

Details

Name:	0000000D.00000002.508016250.000000007EFB0000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	0000000A.00000002.509832997.0000000001DB0000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	1DB0000
Size:	913408

Details

Name:	0000000A.00000002.509190772.00000000002D7000.00000040.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2D7000
Size:	4096

Details

Name:	00000004.00000003.484770114.0000000000678000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	678000
Size:	32768

Details

Name:	00000004.00000003.504064324.0000000000796000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	796000
Size:	8192

Details

Name:	0000000C.00000002.514706069.0000000000370000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	370000
Size:	8192

Details

Name:	0000000E.00000002.522333148.0000000000314000.00000004.00000020.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	314000
Size:	110592

Details

Name:	00000004.00000002.691024483.0000000000850000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	850000
Size:	24576

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000004.00000002.694425667.000000000369A000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	369A000
Size:	4096

Details

Name:	0000000A.00000002.509177990.0000000000282000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	282000
Size:	4096

Details

Name:	0000000A.00000003.503903041.00000000004C0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4C0000
Size:	65536

Details

Name:	00000004.00000002.690018097.0000000000050000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	00000003.00000002.477288379.0000000000890000.00000004.00000040.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	890000
Size:	24576

Details

Name:	0000000A.00000002.509636218.0000000000912000.00000020.00020000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	912000
Size:	602112

Details

Name:	0000000C.00000003.506644013.0000000000510000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	510000
Size:	28672

Details

Name:	0000000D.00000000.507129404.0000000000BE0000.00000002.00020000.sdmp
TargetID:	13
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	00000009.00000002.690160658.0000000000457000.00000004.00000020.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	457000
Size:	8192

Details

Name:	0000000B.00000002.515282046.000000007EFB0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	0000000A.00000002.513379600.0000000004F9D000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4F9D000
Size:	8192

Details

Name:	0000000F.00000002.509526485.0000000000C76000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	C76000
Size:	4096

Details

Name:	0000000B.00000002.511445073.00000000004C4000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4C4000
Size:	24576

Details

Name:	00000004.00000002.690623248.00000000005CA000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5CA000
Size:	4096

Details

Name:	00000004.00000003.485441249.0000000000480000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	480000
Size:	16384

Details

Name:	00000003.00000002.477064636.00000000004F0000.00000004.00000020.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4F0000
Size:	16384

Details

Name:	0000000F.00000002.509427230.0000000000050000.00000002.00020000.sdmp
TargetID:	15
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	0000000C.00000002.515374530.0000000000A50000.00000004.00020000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	A50000
Size:	212992

Details

Name:	0000000E.00000002.522774438.0000000000882000.00000004.00000040.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	882000
Size:	12288

Details

Name:	00000010.00000002.525464895.000000007EF40000.00000040.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	7EF40000
Size:	4096

Details

Name:	00000004.00000003.536642527.000000000632C000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	632C000
Size:	36864

Details

Name:	0000000A.00000003.492137227.00000000004C0000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	4C0000
Size:	65536

Details

Name:	00000011.00000002.527874726.0000000000BE2000.00000020.00020000.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	BE2000
Size:	602112

Details

Name:	00000011.00000002.527747592.0000000000ADF000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	ADF000
Size:	4096

Details

Name:	00000004.00000003.477523791.0000000000460000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	460000
Size:	65536

Details

Name:	00000004.00000003.477332413.0000000000470000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	470000
Size:	8192

Details

Name:	00000003.00000002.477039075.00000000004CC000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4CC000
Size:	16384

Details

Name:	0000000A.00000001.488697698.0000000000910000.00000002.00020000.sdmp
TargetID:	10
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	910000
Size:	4096

Details

Name:	00000004.00000002.690166679.0000000000182000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	182000
Size:	4096

Details

Name:	00000004.00000003.485815364.0000000000487000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	487000
Size:	12288

Details

Name:	0000000E.00000002.522370328.0000000000330000.00000004.00000020.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	330000
Size:	12288

Details

Name:	00000011.00000003.513298276.00000000003E0000.00000004.00000001.sdmp
TargetID:	17
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	3E0000
Size:	4096

Details

Name:	00000004.00000002.694836041.00000000051CE000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	51CE000
Size:	8192

Details

Name:	00000004.00000002.694231811.00000000034F1000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	34F1000
Size:	40960

Details

Name:	00000004.00000002.691013967.0000000000840000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	840000
Size:	28672

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	0000000C.00000002.514808585.0000000000450000.00000004.00000001.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	450000
Size:	32768

Details

Name:	00000003.00000003.474593995.0000000000308000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	308000
Size:	4096

Details

Name:	00000010.00000002.525004081.0000000000B90000.00000004.00000040.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	B90000
Size:	4096

Details

Name:	0000000E.00000000.508450153.000000007EFC2000.00000002.00020000.sdmp
TargetID:	14
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000004.00000003.540763691.0000000006324000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	6324000
Size:	16384

Details

Name:	0000000A.00000002.509267420.000000000042E000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	42E000
Size:	8192

Details

Name:	0000000E.00000002.522684887.0000000000580000.00000004.00000040.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	580000
Size:	16384

Details

Name:	0000000B.00000002.512696182.0000000000C76000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	C76000
Size:	4096

Details

Name:	0000000E.00000002.522379378.000000000033D000.00000004.00000020.sdmp
TargetID:	14
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	33D000
Size:	94208

Details

Name:	00000004.00000002.694307616.00000000035B9000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	35B9000
Size:	4096

Details

Name:	0000000B.00000003.503920358.00000000009D0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	9D0000
Size:	28672

Details

Name:	00000004.00000002.691571948.0000000002300000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	2300000
Size:	167936

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	0000000C.00000000.501402531.0000000000BE0000.00000002.00020000.sdmp
TargetID:	12
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	00000010.00000002.525018635.0000000000BB2000.00000004.00000040.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	BB2000
Size:	12288

Details

Name:	00000010.00000002.525506649.000000007EFD0000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	0000000B.00000002.512310422.0000000000610000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	610000
Size:	24576

Details

Name:	0000000A.00000002.513407061.000000000533E000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	533E000
Size:	8192

Details

Name:	00000009.00000002.690283366.0000000000870000.00000002.00020000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	870000
Size:	339968

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000004.00000002.691217833.00000000009A6000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	9A6000
Size:	4096

Details

Name:	00000004.00000003.484437775.0000000000465000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	465000
Size:	8192

Details

Name:	0000000B.00000003.500973216.0000000000B80000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	B80000
Size:	20480

Details

Name:	00000004.00000003.477371851.0000000000450000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	450000
Size:	16384

Details

Name:	00000003.00000003.474039722.00000000008F0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	8F0000
Size:	16384

Details

Name:	00000009.00000002.691124861.00000000020E0000.00000004.00000040.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	20E0000
Size:	4096

Details

Name:	00000010.00000002.524839091.00000000007EC000.00000004.00000020.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	7EC000
Size:	413696

Details

Name:	00000003.00000002.477306396.00000000008B0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	8B0000
Size:	65536

Details

Name:	0000000E.00000003.509142354.0000000000570000.00000004.00000001.sdmp
TargetID:	14
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	570000
Size:	24576

Details

Name:	00000004.00000002.691034347.000000000089E000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	89E000
Size:	8192

Details

Name:	00000003.00000003.474022855.00000000008F0000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	8F0000
Size:	24576

Details

Name:	0000000A.00000002.509145746.0000000000270000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	270000
Size:	53248

Details

Name:	00000003.00000002.477541044.0000000002190000.00000004.00020000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	2190000
Size:	212992

Details

Name:	00000004.00000002.691559019.00000000022E0000.00000040.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	22E0000
Size:	24576

Details

Name:	00000003.00000001.471967811.0000000000910000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	910000
Size:	4096

Details

Name:	0000000A.00000002.511139041.0000000003281000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3281000
Size:	28672

Details

Name:	0000000A.00000003.508752259.000000000059A000.00000004.00000001.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	59A000
Size:	53248

Details

Name:	0000000A.00000002.509247772.0000000000340000.00000004.00000020.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	340000
Size:	20480

Details

Name:	0000000B.00000003.503933057.00000000009D0000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	9D0000
Size:	28672

Details

Name:	00000009.00000002.691181233.000000000280C000.00000004.00000001.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	280C000
Size:	16384

Details

Name:	00000010.00000002.525477363.000000007EFB0000.00000002.00020000.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000004.00000003.504107068.0000000000795000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	795000
Size:	8192

Details

Name:	00000010.00000002.524672440.000000000073E000.00000104.00000001.sdmp
TargetID:	16
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write \| page guard
Base address:	73E000
Size:	4096

Details

Name:	00000011.00000000.510676168.0000000000BE0000.00000002.00020000.sdmp
TargetID:	17
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	BE0000
Size:	4096

Details

Name:	0000000A.00000002.513560768.000000007EF40000.00000040.00000001.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	7EF40000
Size:	4096

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps