Automated Malware Analysis IOC Report for

Details

Name:	00000005.00000002.500496726.0000000000390000.00000040.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	390000
Size:	167936

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000007.00000002.668009363.00000000000D0000.00000040.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	D0000
Size:	167936

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000007.00000002.667963652.0000000000070000.00000040.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	70000
Size:	167936

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000006.00000000.492702725.0000000009521000.00000040.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	9521000
Size:	102400

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000005.00000002.500520778.0000000000400000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	400000
Size:	167936

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000005.00000000.465010380.0000000000400000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	400000
Size:	167936

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000005.00000002.500610869.0000000000820000.00000040.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	820000
Size:	167936

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000004.00000002.465677095.0000000000490000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	490000
Size:	221184

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000005.00000001.465359604.0000000000400000.00000040.00020000.sdmp
TargetID:	5
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	400000
Size:	167936

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000006.00000000.485058006.0000000009521000.00000040.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	9521000
Size:	102400

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000005.00000000.464491442.0000000000400000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	400000
Size:	167936

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000007.00000002.668043028.0000000000140000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	140000
Size:	167936

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000006.00000000.552543193.0000000006A5A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6A5A000
Size:	24576

Details

Name:	00000006.00000000.492205468.0000000008C3E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8C3E000
Size:	28672

Details

Name:	00000008.00000000.504172672.000000007EFD0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000006.00000000.492013149.000000000840B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	840B000
Size:	90112

Details

Name:	00000004.00000003.463265002.0000000002B57000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B57000
Size:	4096

Details

Name:	00000006.00000000.487621339.0000000002A20000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A20000
Size:	4096

Details

Name:	00000006.00000000.488499997.0000000002F50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2F50000
Size:	12288

Details

Name:	00000006.00000000.478652978.000000000034E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	34E000
Size:	114688

Details

Name:	00000006.00000000.485654703.00000000001CE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1CE000
Size:	12288

Details

Name:	00000006.00000000.483755365.00000000078E9000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	78E9000
Size:	28672

Details

Name:	00000004.00000002.465903201.0000000001DB2000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1DB2000
Size:	12288

Details

Name:	00000006.00000000.479315403.0000000002550000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2550000
Size:	36864

Details

Name:	00000006.00000000.471095591.00000000043B0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	43B0000
Size:	4096

Details

Name:	00000008.00000002.505396929.0000000001E00000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	1E00000
Size:	3133440

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000007.00000002.667930298.0000000000020000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	20000
Size:	28672

Details

Name:	00000006.00000000.552579237.0000000006BBE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6BBE000
Size:	8192

Details

Name:	00000006.00000000.486069298.00000000005B0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	5B0000
Size:	12288

Details

Name:	00000008.00000000.503807894.000000007EFB2000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000006.00000000.552280872.0000000004D60000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D60000
Size:	8192

Details

Name:	00000006.00000000.471061049.0000000004300000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4300000
Size:	4096

Details

Name:	00000007.00000000.500019247.000000007EFD0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000006.00000000.469265173.0000000001BE0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1BE0000
Size:	4112384

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.469925085.0000000002921000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2921000
Size:	28672

Details

Name:	00000006.00000000.481415568.0000000004249000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4249000
Size:	28672

Details

Name:	00000006.00000000.492852713.000007FFFFFB2000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFB2000
Size:	4096

Details

Name:	0000000B.00000002.667968489.0000000000070000.00000004.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	70000
Size:	8192

Details

Name:	00000006.00000000.552871996.0000000007B40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7B40000
Size:	4096

Details

Name:	00000004.00000003.463154332.00000000029DD000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	29DD000
Size:	409600

Details

Name:	00000006.00000000.469949944.00000000029D0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	29D0000
Size:	4096

Details

Name:	00000004.00000002.465547371.0000000000190000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	190000
Size:	16384

Details

Name:	00000006.00000000.469019720.0000000000371000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	371000
Size:	61440

Details

Name:	00000006.00000000.492774299.00000000095E3000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	95E3000
Size:	24576

Details

Name:	00000006.00000000.471023243.00000000041A0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	41A0000
Size:	4096

Details

Name:	00000007.00000002.670186085.0000000004EEF000.00000004.00000010.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	4EEF000
Size:	4096

Details

Name:	00000006.00000000.549362101.000000000457A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	457A000
Size:	77824

Details

Name:	00000006.00000000.490214600.000000000460B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	460B000
Size:	282624

Details

Name:	00000006.00000000.488893574.0000000003D90000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D90000
Size:	421888

Details

Name:	0000000B.00000000.587166600.000007FFFFFB0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFB0000
Size:	4096

Details

Name:	00000004.00000003.464221429.0000000002B57000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B57000
Size:	4096

Details

Name:	00000006.00000000.545864035.0000000002520000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2520000
Size:	4096

Details

Name:	00000006.00000000.485221094.000007FFFFFB2000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFB2000
Size:	4096

Details

Name:	00000004.00000003.464039378.0000000002900000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2900000
Size:	884736

Details

Name:	00000006.00000000.552158688.0000000004B9D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4B9D000
Size:	12288

Details

Name:	00000006.00000000.487185189.0000000002646000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2646000
Size:	155648

Details

Name:	00000006.00000000.549381263.0000000004593000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4593000
Size:	49152

Details

Name:	00000006.00000000.552499823.00000000069BF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	69BF000
Size:	8192

Details

Name:	00000006.00000000.485575623.00000000000D0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	D0000
Size:	28672

Details

Name:	00000006.00000000.482881185.0000000004D30000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D30000
Size:	8192

Details

Name:	00000006.00000000.471011566.0000000004150000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4150000
Size:	8192

Details

Name:	00000006.00000000.545084632.0000000000020000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	20000
Size:	8192

Details

Name:	00000006.00000000.485247608.000007FFFFFC0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFC0000
Size:	4096

Details

Name:	00000004.00000002.465672441.0000000000480000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	480000
Size:	4096

Details

Name:	00000005.00000002.500779222.0000000000A77000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	A77000
Size:	4096

Details

Name:	00000006.00000000.486059221.0000000000430000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	430000
Size:	20480

Details

Name:	00000006.00000000.486196923.0000000001B65000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	1B65000
Size:	4096

Details

Name:	00000006.00000000.483269956.000000000556F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	556F000
Size:	4096

Details

Name:	00000006.00000000.479236725.00000000020DA000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	20DA000
Size:	40960

Details

Name:	00000006.00000000.469934216.0000000002940000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2940000
Size:	4096

Details

Name:	00000006.00000000.477070846.0000000004D70000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D70000
Size:	8192

Details

Name:	00000007.00000000.500291340.000000007EFC2000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000005.00000000.464028975.000000007EFD0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000004.00000002.465713244.00000000004F7000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4F7000
Size:	4096

Details

Name:	00000005.00000002.500447267.000000000018C000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	18C000
Size:	16384

Details

Name:	00000006.00000000.469239231.0000000001B83000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	1B83000
Size:	81920

Details

Name:	00000006.00000000.469794099.0000000002533000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2533000
Size:	36864

Details

Name:	00000008.00000000.504117211.0000000000050000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	00000006.00000000.482991067.0000000004D70000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D70000
Size:	8192

Details

Name:	00000006.00000000.552310569.0000000004DB1000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	4DB1000
Size:	45056

Details

Name:	00000006.00000000.546037910.00000000029E0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	29E0000
Size:	4096

Details

Name:	00000006.00000000.470450478.0000000002EC1000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2EC1000
Size:	12288

Details

Name:	00000006.00000000.492429735.00000000092A4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	92A4000
Size:	454656

Details

Name:	00000007.00000000.500282064.000000007EFB2000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000006.00000000.487381427.00000000027C0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	27C0000
Size:	12288

Details

Name:	00000006.00000000.481856176.00000000045A1000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45A1000
Size:	73728

Details

Name:	00000006.00000000.477050321.0000000004D30000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D30000
Size:	8192

Details

Name:	00000004.00000003.465130711.00000000029DA000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	29DA000
Size:	4096

Details

Name:	00000006.00000000.486926640.0000000002120000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	2120000
Size:	53248

Details

Name:	00000006.00000000.477582439.0000000008424000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8424000
Size:	8192

Details

Name:	00000006.00000000.470012503.0000000002A30000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A30000
Size:	4096

Details

Name:	00000006.00000000.489604716.00000000043A0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	43A0000
Size:	8192

Details

Name:	00000006.00000000.470715270.0000000003DF8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3DF8000
Size:	360448

Details

Name:	00000006.00000000.484901290.0000000009360000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	9360000
Size:	262144

Details

Name:	00000004.00000003.464785765.0000000002BC0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2BC0000
Size:	20480

Details

Name:	00000006.00000000.552855617.00000000078E9000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	78E9000
Size:	28672

Details

Name:	00000006.00000000.481998120.00000000045D6000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45D6000
Size:	208896

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.479535919.0000000002A90000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A90000
Size:	4096

Details

Name:	00000006.00000000.545957591.0000000002750000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2750000
Size:	16384

Details

Name:	00000006.00000000.479861645.0000000002F20000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2F20000
Size:	172032

Details

Name:	00000006.00000000.483981120.0000000008355000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8355000
Size:	57344

Details

Name:	00000006.00000000.546718798.0000000003D50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D50000
Size:	8192

Details

Name:	00000006.00000000.490925576.0000000005270000.00000020.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute read
Base address:	5270000
Size:	65536

Details

Name:	00000006.00000000.477043631.0000000004C7A000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4C7A000
Size:	4096

Details

Name:	00000007.00000002.668150105.00000000002A4000.00000004.00000020.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	2A4000
Size:	8192

Details

Name:	00000006.00000000.468149306.00000000000E0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	E0000
Size:	4096

Details

Name:	00000006.00000000.491170929.0000000006D48000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6D48000
Size:	32768

Details

Name:	00000006.00000000.477202917.0000000006A50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6A50000
Size:	4096

Details

Name:	00000006.00000000.479270783.0000000002130000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	2130000
Size:	53248

Details

Name:	00000006.00000000.477191819.00000000069BF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	69BF000
Size:	8192

Details

Name:	00000007.00000002.669517461.00000000024E4000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	24E4000
Size:	4096

Details

Name:	00000006.00000000.480395479.0000000003E50000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	3E50000
Size:	3133440

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000005.00000002.500571498.0000000000610000.00000004.00000020.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	610000
Size:	65536

Details

Name:	00000006.00000000.552684639.000000000728E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	728E000
Size:	12288

Details

Name:	00000006.00000000.478667487.000000000036B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	36B000
Size:	4096

Details

Name:	00000005.00000002.500889022.0000000000BF4000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	BF4000
Size:	4096

Details

Name:	00000006.00000000.545923347.000000000263C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	263C000
Size:	36864

Details

Name:	00000006.00000000.477196407.00000000069C8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	69C8000
Size:	32768

Details

Name:	00000006.00000000.488584526.00000000030D0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30D0000
Size:	8192

Details

Name:	00000008.00000002.505341380.00000000004BD000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4BD000
Size:	8192

Details

Name:	00000006.00000000.471277173.000000000457A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	457A000
Size:	77824

Details

Name:	00000006.00000000.479324001.00000000025C3000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	25C3000
Size:	233472

Details

Name:	00000008.00000000.504125501.0000000000060000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	4096

Details

Name:	00000004.00000003.465058744.0000000002900000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2900000
Size:	884736

Details

Name:	00000006.00000000.483815043.0000000007B4B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7B4B000
Size:	20480

Details

Name:	00000006.00000000.477734085.0000000009260000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	9260000
Size:	262144

Details

Name:	00000006.00000000.545206217.0000000000249000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	249000
Size:	8192

Details

Name:	00000006.00000000.552527054.0000000006A50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6A50000
Size:	4096

Details

Name:	00000006.00000000.479355105.0000000002646000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2646000
Size:	155648

Details

Name:	00000008.00000002.505244827.0000000000010000.00000004.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	00000006.00000000.481440372.0000000004300000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4300000
Size:	4096

Details

Name:	00000006.00000000.482912419.0000000004D40000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D40000
Size:	8192

Details

Name:	00000006.00000000.486029867.000000000036F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	36F000
Size:	4096

Details

Name:	00000006.00000000.479382940.0000000002750000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2750000
Size:	16384

Details

Name:	00000006.00000000.548957484.000000000447A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	447A000
Size:	126976

Details

Name:	00000007.00000003.500654758.0000000000257000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	257000
Size:	24576

Details

Name:	00000006.00000000.469717368.00000000020B6000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	20B6000
Size:	57344

Details

Name:	00000007.00000002.669717918.000000000283F000.00000004.00000010.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	283F000
Size:	4096

Details

Name:	0000000B.00000002.668099892.000007FFFFFC0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFC0000
Size:	4096

Details

Name:	00000006.00000000.480026445.0000000003278000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3278000
Size:	126976

Details

Name:	00000007.00000000.500005015.000000007EFB2000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000006.00000000.484565600.0000000008DD8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8DD8000
Size:	32768

Details

Name:	00000006.00000000.492751843.00000000095C5000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	95C5000
Size:	4096

Details

Name:	00000006.00000000.552272902.0000000004D50000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D50000
Size:	8192

Details

Name:	00000005.00000000.465006282.00000000001A0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1A0000
Size:	4096

Details

Name:	00000006.00000000.487753808.0000000002A70000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A70000
Size:	4096

Details

Name:	00000004.00000000.458608335.0000000000437000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	437000
Size:	4096

Details

Name:	00000007.00000000.499738840.000000007EFC2000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000006.00000000.486079851.00000000005C0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	5C0000
Size:	73728

Details

Name:	00000006.00000000.467977451.0000000000030000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30000
Size:	12288

Details

Name:	00000006.00000000.490814237.0000000004D40000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D40000
Size:	8192

Details

Name:	00000004.00000002.465763539.00000000005F0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	5F0000
Size:	20480

Details

Name:	00000006.00000000.478579091.000000000029B000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	29B000
Size:	151552

Details

Name:	00000006.00000000.546043540.00000000029F0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	29F0000
Size:	4096

Details

Name:	00000006.00000000.477919843.00000000095E3000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	95E3000
Size:	24576

Details

Name:	00000006.00000000.472745227.00000000045CB000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45CB000
Size:	12288

Details

Name:	00000006.00000000.548924693.0000000004450000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4450000
Size:	167936

Details

Name:	00000006.00000000.546686824.0000000003CA0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3CA0000
Size:	4096

Details

Name:	00000006.00000000.473562188.000000000460B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	460B000
Size:	282624

Details

Name:	00000006.00000000.548117767.0000000004160000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4160000
Size:	4096

Details

Name:	00000006.00000000.490837389.0000000004D70000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D70000
Size:	8192

Details

Name:	00000004.00000002.465668039.0000000000440000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	440000
Size:	4096

Details

Name:	00000005.00000002.501348677.000000007EFC0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000005.00000000.463038834.000000007EFB2000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000006.00000000.485691280.0000000000220000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	220000
Size:	8192

Details

Name:	00000007.00000003.620564456.00000000001F0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	36864

Details

Name:	00000007.00000002.669177036.00000000023F0000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	23F0000
Size:	876544

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000007.00000000.496164366.000000007EFB2000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000008.00000000.503398729.000000007EFC0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000000.487042791.0000000002520000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2520000
Size:	4096

Details

Name:	00000008.00000002.505336371.00000000004A0000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4A0000
Size:	4096

Details

Name:	00000006.00000000.488730232.00000000032A5000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32A5000
Size:	4096

Details

Name:	00000008.00000002.505352108.00000000005E7000.00000004.00000020.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5E7000
Size:	4096

Details

Name:	00000006.00000000.477259133.00000000071C2000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	71C2000
Size:	8192

Details

Name:	00000006.00000000.469914070.00000000027C0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	27C0000
Size:	12288

Details

Name:	00000006.00000000.479283663.00000000024F0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	24F0000
Size:	8192

Details

Name:	00000006.00000000.482828987.0000000004C7A000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4C7A000
Size:	4096

Details

Name:	00000006.00000000.490022142.00000000045BF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45BF000
Size:	45056

Details

Name:	00000006.00000000.480146318.00000000032A9000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32A9000
Size:	16384

Details

Name:	00000004.00000003.463194024.0000000002A60000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A60000
Size:	876544

Details

Name:	00000006.00000000.469039841.0000000000430000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	430000
Size:	20480

Details

Name:	00000006.00000000.545975103.00000000027C0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	27C0000
Size:	16384

Details

Name:	00000006.00000000.485558666.0000000000040000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	40000
Size:	8192

Details

Name:	00000006.00000000.482846310.0000000004D20000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	4D20000
Size:	4096

Details

Name:	00000006.00000000.549248073.00000000044E7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	44E7000
Size:	176128

Details

Name:	00000006.00000000.552962952.0000000007E1E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7E1E000
Size:	8192

Details

Name:	00000006.00000000.485841855.0000000000255000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	255000
Size:	282624

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.470605922.00000000032A5000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32A5000
Size:	4096

Details

Name:	00000006.00000000.483835282.0000000007B50000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	7B50000
Size:	8192

Details

Name:	00000006.00000000.491794024.000000000834B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	834B000
Size:	8192

Details

Name:	00000006.00000000.468365823.00000000001E0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1E0000
Size:	4096

Details

Name:	00000006.00000000.477057859.0000000004D40000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D40000
Size:	8192

Details

Name:	00000007.00000003.501482698.00000000020E0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	20E0000
Size:	876544

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000006.00000000.490726073.0000000004AF0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4AF0000
Size:	8192

Details

Name:	00000005.00000000.465028147.000000007EFB0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000000.477307760.000000000744D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	744D000
Size:	12288

Details

Name:	00000007.00000002.669744083.000000000288D000.00000004.00000010.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	288D000
Size:	12288

Details

Name:	00000006.00000000.477318604.00000000074B0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	74B0000
Size:	4096

Details

Name:	00000008.00000000.502987601.000000007EFC0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000000.552982728.00000000081AE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	81AE000
Size:	8192

Details

Name:	00000006.00000000.552485914.000000000556F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	556F000
Size:	4096

Details

Name:	00000006.00000000.488518424.000000000301E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	301E000
Size:	8192

Details

Name:	00000004.00000003.463585445.0000000002900000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2900000
Size:	884736

Details

Name:	00000006.00000000.490975380.0000000005410000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	5410000
Size:	4096

Details

Name:	00000006.00000000.477283193.000000000729A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	729A000
Size:	24576

Details

Name:	00000006.00000000.479410912.00000000027A0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	27A0000
Size:	8192

Details

Name:	00000006.00000000.485771446.000000000023D000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	23D000
Size:	8192

Details

Name:	00000006.00000000.477668319.0000000008DD8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8DD8000
Size:	32768

Details

Name:	00000006.00000000.488941397.0000000003DF8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3DF8000
Size:	360448

Details

Name:	00000006.00000000.552819622.00000000074D3000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	74D3000
Size:	4096

Details

Name:	00000006.00000000.469817744.00000000025C3000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	25C3000
Size:	233472

Details

Name:	00000006.00000000.470533822.00000000030D0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30D0000
Size:	8192

Details

Name:	00000007.00000002.670356192.000000007EFDF000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	00000006.00000000.483316828.00000000069C8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	69C8000
Size:	32768

Details

Name:	00000006.00000000.479901605.000000000301E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	301E000
Size:	8192

Details

Name:	00000006.00000000.479279643.00000000021BF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	21BF000
Size:	4096

Details

Name:	00000006.00000000.545376662.0000000000750000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	750000
Size:	339968

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000006.00000000.479498150.0000000002A00000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A00000
Size:	4096

Details

Name:	00000004.00000003.465292485.0000000002B60000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B60000
Size:	368640

Details

Name:	00000007.00000002.669796117.0000000002C87000.00000004.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	2C87000
Size:	299008

Details

Name:	00000006.00000000.477269396.000000000728E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	728E000
Size:	12288

Details

Name:	00000006.00000000.545870552.0000000002533000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2533000
Size:	36864

Details

Name:	00000006.00000000.546075554.0000000002A50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A50000
Size:	4096

Details

Name:	00000006.00000000.481653493.00000000044E7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	44E7000
Size:	176128

Details

Name:	00000007.00000002.668100157.0000000000244000.00000004.00000020.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	244000
Size:	49152

Details

Name:	0000000B.00000000.587205370.000007FFFFFD0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFD0000
Size:	12288

Details

Name:	00000006.00000000.488615041.00000000030F0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30F0000
Size:	8192

Details

Name:	00000006.00000000.485985959.0000000000330000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	330000
Size:	4096

Details

Name:	00000006.00000000.481762921.0000000004575000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4575000
Size:	16384

Details

Name:	00000006.00000000.470552750.00000000030F0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30F0000
Size:	8192

Details

Name:	00000007.00000002.668116448.0000000000252000.00000004.00000020.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	252000
Size:	303104

Details

Name:	00000006.00000000.468987591.000000000036B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	36B000
Size:	4096

Details

Name:	00000006.00000000.477950765.000007FFFFFB2000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFB2000
Size:	4096

Details

Name:	00000006.00000000.546313816.0000000002CC7000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2CC7000
Size:	2043904

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000004.00000003.464752359.0000000002B60000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B60000
Size:	368640

Details

Name:	00000004.00000003.464639932.0000000002A50000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A50000
Size:	4096

Details

Name:	00000004.00000003.465267727.0000000002B40000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B40000
Size:	4096

Details

Name:	00000008.00000002.505768227.000000007EFC0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000000.545181511.0000000000230000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	230000
Size:	20480

Details

Name:	00000008.00000002.505284051.00000000000F0000.00000004.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	F0000
Size:	8192

Details

Name:	00000006.00000000.470089556.0000000002A90000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A90000
Size:	4096

Details

Name:	00000006.00000000.480086103.00000000032A0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32A0000
Size:	8192

Details

Name:	0000000B.00000002.668058806.00000000006BE000.00000004.00000010.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	6BE000
Size:	8192

Details

Name:	00000004.00000002.465652848.000000000042C000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	42C000
Size:	12288

Details

Name:	00000006.00000000.468102593.00000000000D0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	D0000
Size:	28672

Details

Name:	00000007.00000002.668928238.0000000002370000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2370000
Size:	368640

Details

Name:	00000006.00000000.486116803.0000000000750000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	750000
Size:	339968

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000006.00000000.477403248.0000000007CFE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7CFE000
Size:	8192

Details

Name:	00000006.00000000.471072495.0000000004308000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4308000
Size:	32768

Details

Name:	00000006.00000000.477824270.0000000009360000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	9360000
Size:	262144

Details

Name:	00000006.00000000.469986968.0000000002A10000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A10000
Size:	4096

Details

Name:	00000005.00000002.501476792.000000007EFE0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000006.00000000.483868369.0000000007CFE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7CFE000
Size:	8192

Details

Name:	00000006.00000000.483243851.0000000005390000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	5390000
Size:	4096

Details

Name:	00000006.00000000.491836650.0000000008374000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8374000
Size:	372736

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.483967948.000000000834B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	834B000
Size:	8192

Details

Name:	00000006.00000000.545269257.00000000002C7000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	2C7000
Size:	344064

Details

Name:	00000006.00000000.545997487.0000000002940000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2940000
Size:	4096

Details

Name:	00000006.00000000.479892645.0000000002F50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2F50000
Size:	12288

Details

Name:	00000006.00000000.468395451.0000000000220000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	220000
Size:	8192

Details

Name:	00000005.00000002.500687500.0000000000970000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	970000
Size:	4096

Details

Name:	00000006.00000000.479514092.0000000002A40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A40000
Size:	4096

Details

Name:	00000005.00000000.464019201.000000007EFB2000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000007.00000002.669696573.00000000026AF000.00000004.00000010.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	26AF000
Size:	4096

Details

Name:	00000006.00000000.477502255.00000000083D0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	83D0000
Size:	49152

Details

Name:	00000005.00000002.501191529.00000000023A0000.00000040.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	23A0000
Size:	155648

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000006.00000000.472792500.00000000045CF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45CF000
Size:	16384

Details

Name:	00000004.00000002.465524007.0000000000010000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	00000008.00000000.503789104.000000007EFB0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000000.490066547.00000000045D4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45D4000
Size:	4096

Details

Name:	00000006.00000000.477025515.0000000004B00000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4B00000
Size:	8192

Details

Name:	00000006.00000000.472835539.00000000045D4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45D4000
Size:	4096

Details

Name:	00000006.00000000.470542519.00000000030E0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30E0000
Size:	8192

Details

Name:	00000006.00000000.552192291.0000000004C70000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4C70000
Size:	36864

Details

Name:	00000006.00000000.477889403.00000000095C0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	95C0000
Size:	8192

Details

Name:	00000006.00000000.492325648.0000000009222000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	9222000
Size:	245760

Details

Name:	00000006.00000000.470560391.0000000003160000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	3160000
Size:	4096

Details

Name:	00000006.00000000.468543048.0000000000249000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	249000
Size:	8192

Details

Name:	00000006.00000000.468169384.00000000000E4000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	E4000
Size:	49152

Details

Name:	00000006.00000000.485883867.000000000029B000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	29B000
Size:	151552

Details

Name:	00000006.00000000.468509855.0000000000243000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	243000
Size:	8192

Details

Name:	00000006.00000000.545094908.0000000000030000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30000
Size:	12288

Details

Name:	00000006.00000000.470109547.0000000002AE0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2AE0000
Size:	1986560

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to development resources	System Summary
Found strings which match to known social media urls	Networking
URLs found in memory or binary data	Networking

Details

Name:	00000004.00000002.465613076.0000000000401000.00000020.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	24576

Details

Name:	00000004.00000002.467353636.0000000010000000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	10000000
Size:	4096

Details

Name:	00000006.00000000.469904013.0000000002760000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2760000
Size:	8192

Details

Name:	00000006.00000000.480255019.0000000003D50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D50000
Size:	8192

Details

Name:	00000006.00000000.545105183.0000000000040000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	40000
Size:	8192

Details

Name:	00000007.00000002.668084697.0000000000220000.00000004.00000020.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	220000
Size:	16384

Details

Name:	00000006.00000000.468307976.00000000001CE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1CE000
Size:	12288

Details

Name:	00000006.00000000.485635020.0000000000110000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	110000
Size:	4096

Details

Name:	00000006.00000000.470479379.0000000002F50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2F50000
Size:	12288

Details

Name:	00000006.00000000.470674199.0000000003D50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D50000
Size:	8192

Details

Name:	00000006.00000000.477207425.0000000006A5A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6A5A000
Size:	24576

Details

Name:	00000006.00000000.486206289.0000000001B83000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	1B83000
Size:	81920

Details

Name:	00000007.00000002.668584555.0000000002260000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2260000
Size:	4096

Details

Name:	00000004.00000003.463749414.0000000002B54000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B54000
Size:	4096

Details

Name:	00000004.00000002.465533573.000000000008B000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	8B000
Size:	20480

Details

Name:	00000006.00000000.468950653.0000000000330000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	330000
Size:	4096

Details

Name:	00000006.00000000.477329361.00000000074D3000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	74D3000
Size:	4096

Details

Name:	00000006.00000000.546710228.0000000003D4B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D4B000
Size:	20480

Details

Name:	00000006.00000000.469740948.0000000002110000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	2110000
Size:	53248

Details

Name:	00000006.00000000.552698431.000000000729A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	729A000
Size:	24576

Details

Name:	0000000B.00000002.668079305.000000007EFE0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000004.00000003.463674211.0000000002A50000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A50000
Size:	4096

Details

Name:	00000006.00000000.477644285.0000000008720000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8720000
Size:	53248

Details

Name:	00000007.00000000.499704672.0000000000050000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	00000006.00000000.488857931.0000000003D40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D40000
Size:	4096

Details

Name:	00000006.00000000.469786787.0000000002520000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2520000
Size:	4096

Details

Name:	00000005.00000002.500764072.0000000000A60000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	A60000
Size:	4096

Details

Name:	00000006.00000000.492844301.000007FFFFFB0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFB0000
Size:	4096

Details

Name:	00000008.00000002.505330517.0000000000420000.00000004.00000020.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	420000
Size:	16384

Details

Name:	00000004.00000003.463259607.0000000002B51000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B51000
Size:	4096

Details

Name:	00000008.00000000.503878626.000000007EFD0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000006.00000000.486185683.0000000001B60000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	1B60000
Size:	8192

Details

Name:	00000007.00000000.499744341.000000007EFD0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000005.00000002.500536603.0000000000430000.00000040.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	430000
Size:	258048

Details

Name:	00000007.00000002.668606015.0000000002270000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2270000
Size:	876544

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000006.00000000.487582024.0000000002A00000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A00000
Size:	4096

Details

Name:	00000006.00000000.491227792.00000000071C7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	71C7000
Size:	36864

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.477155390.0000000005270000.00000020.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute read
Base address:	5270000
Size:	65536

Details

Name:	00000006.00000000.492654550.00000000094E0000.00000040.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	94E0000
Size:	258048

Details

Name:	00000006.00000000.488221442.0000000002CC7000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2CC7000
Size:	2043904

Details

Name:	00000006.00000000.478414066.0000000000030000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30000
Size:	12288

Details

Name:	00000006.00000000.469727206.00000000020DA000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	20DA000
Size:	40960

Details

Name:	00000004.00000002.466372738.0000000002280000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	2280000
Size:	4112384

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000007.00000000.496180082.000000007EFC2000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000006.00000000.492367334.0000000009260000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	9260000
Size:	262144

Details

Name:	00000006.00000000.485536007.0000000000020000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	20000
Size:	8192

Details

Name:	00000008.00000000.504159002.000000007EFC0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000000.469977703.0000000002A00000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A00000
Size:	4096

Details

Name:	00000004.00000002.465552492.00000000001A0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	1A0000
Size:	4096

Details

Name:	00000006.00000000.477662028.0000000008C3E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8C3E000
Size:	28672

Details

Name:	00000006.00000000.477017756.0000000004AC0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4AC0000
Size:	4096

Details

Name:	00000006.00000000.482806996.0000000004C70000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4C70000
Size:	36864

Details

Name:	00000005.00000002.500783431.0000000000A80000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	A80000
Size:	368640

Details

Name:	00000006.00000000.478422654.0000000000040000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	40000
Size:	8192

Details

Name:	00000006.00000000.490709734.0000000004AAD000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4AAD000
Size:	12288

Details

Name:	00000006.00000000.552939757.0000000007D20000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	7D20000
Size:	24576

Details

Name:	00000006.00000000.483353787.0000000006A5A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6A5A000
Size:	24576

Details

Name:	00000006.00000000.488540357.000000000309E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	309E000
Size:	16384

Details

Name:	00000007.00000003.597992278.00000000001F0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	36864

Details

Name:	00000005.00000002.501065664.0000000000C70000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	C70000
Size:	12288

Details

Name:	00000006.00000000.548900380.00000000043B0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	43B0000
Size:	4096

Details

Name:	00000006.00000000.548823196.0000000004308000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4308000
Size:	32768

Details

Name:	00000005.00000003.466630118.00000000005A0000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	5A0000
Size:	20480

Details

Name:	00000006.00000000.481943382.00000000045CB000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45CB000
Size:	12288

Details

Name:	00000004.00000002.465556593.0000000000240000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	240000
Size:	8192

Details

Name:	00000005.00000002.501039568.0000000000C60000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	C60000
Size:	20480

Details

Name:	00000006.00000000.546505834.0000000002EC1000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2EC1000
Size:	12288

Details

Name:	00000006.00000000.479481824.00000000029D0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	29D0000
Size:	4096

Details

Name:	00000004.00000003.464734862.0000000002B40000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B40000
Size:	4096

Details

Name:	00000006.00000000.552115503.0000000004AF0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4AF0000
Size:	8192

Details

Name:	00000006.00000000.552763637.000000000744D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	744D000
Size:	12288

Details

Name:	00000006.00000000.482735119.0000000004B00000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4B00000
Size:	8192

Details

Name:	00000006.00000000.489551447.0000000004249000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4249000
Size:	28672

Details

Name:	00000006.00000000.469221881.0000000001B65000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	1B65000
Size:	4096

Details

Name:	00000006.00000000.469898009.0000000002750000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2750000
Size:	16384

Details

Name:	00000006.00000000.482750347.0000000004B9D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4B9D000
Size:	12288

Details

Name:	00000006.00000000.491260407.000000000728E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	728E000
Size:	12288

Details

Name:	00000006.00000000.477011561.0000000004AAD000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4AAD000
Size:	12288

Details

Name:	00000005.00000002.500893633.0000000000BF7000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	BF7000
Size:	4096

Details

Name:	00000006.00000000.545419135.0000000001B65000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	1B65000
Size:	4096

Details

Name:	00000006.00000000.552028880.0000000004AAD000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4AAD000
Size:	12288

Details

Name:	00000004.00000002.465880350.0000000001D94000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1D94000
Size:	4096

Details

Name:	0000000B.00000002.668070500.0000000000C3E000.00000004.00000010.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	C3E000
Size:	8192

Details

Name:	00000004.00000002.465621412.0000000000407000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	407000
Size:	8192

Details

Name:	00000006.00000000.479931482.00000000030C0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	30C0000
Size:	4096

Details

Name:	00000004.00000002.465541094.000000000018B000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	18B000
Size:	20480

Details

Name:	00000005.00000002.501374135.000000007EFC2000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000006.00000000.552829669.000000000782F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	782F000
Size:	8192

Details

Name:	00000006.00000000.477038072.0000000004C70000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4C70000
Size:	36864

Details

Name:	00000006.00000000.483621002.000000000744D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	744D000
Size:	12288

Details

Name:	00000006.00000000.487536211.00000000029E0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	29E0000
Size:	4096

Details

Name:	00000005.00000000.465031990.000000007EFB2000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000006.00000000.478404808.0000000000020000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	20000
Size:	8192

Details

Name:	00000007.00000002.668238422.0000000000880000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	880000
Size:	339968

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000006.00000000.552141478.0000000004B00000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4B00000
Size:	8192

Details

Name:	00000006.00000000.546597813.00000000031FF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	31FF000
Size:	4096

Details

Name:	00000006.00000000.478540548.0000000000243000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	243000
Size:	8192

Details

Name:	00000007.00000002.668178813.0000000000660000.00000040.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	660000
Size:	155648

Details

Name:	00000006.00000000.487116657.00000000025C3000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	25C3000
Size:	233472

Details

Name:	00000006.00000000.552913253.0000000007BD0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	7BD0000
Size:	4096

Details

Name:	00000006.00000000.481819863.0000000004593000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4593000
Size:	49152

Details

Name:	0000000B.00000000.587199002.000007FFFFFC2000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFC2000
Size:	4096

Details

Name:	00000005.00000003.466695502.0000000000020000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	40960

Details

Name:	00000006.00000000.485998849.000000000034E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	34E000
Size:	114688

Details

Name:	00000006.00000000.478775588.0000000001B65000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	1B65000
Size:	4096

Details

Name:	00000006.00000000.489727883.000000000449C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	449C000
Size:	303104

Details

Name:	00000006.00000000.552290722.0000000004D70000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D70000
Size:	8192

Details

Name:	00000005.00000000.463565740.000000007EFB2000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000005.00000002.500438605.000000000008D000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	8D000
Size:	12288

Details

Name:	00000006.00000000.486958035.0000000002130000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	2130000
Size:	53248

Details

Name:	00000006.00000000.468417646.0000000000230000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	230000
Size:	20480

Details

Name:	00000006.00000000.471163088.000000000449C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	449C000
Size:	303104

Details

Name:	00000007.00000002.669134653.00000000023E0000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	23E0000
Size:	4096

Details

Name:	00000006.00000000.479699623.0000000002CC7000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2CC7000
Size:	2043904

Details

Name:	00000006.00000000.546541408.00000000030A8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	30A8000
Size:	32768

Details

Name:	00000008.00000000.503862623.000000007EFC2000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000006.00000000.483507045.00000000071C2000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	71C2000
Size:	8192

Details

Name:	00000006.00000000.491734302.0000000008320000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8320000
Size:	163840

Details

Name:	00000005.00000002.501128858.0000000000E10000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	E10000
Size:	73728

Details

Name:	00000007.00000003.500641100.000000000025D000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	25D000
Size:	20480

Details

Name:	00000006.00000000.552325636.0000000004DC0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4DC0000
Size:	4096

Details

Name:	00000004.00000002.465913297.0000000001DD0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	1DD0000
Size:	913408

Details

Name:	00000007.00000000.499724654.000000007EFB2000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000006.00000000.545194429.000000000023D000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	23D000
Size:	8192

Details

Name:	00000006.00000000.468926618.000000000031D000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	31D000
Size:	77824

Details

Name:	00000006.00000000.477945979.000007FFFFFB0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFB0000
Size:	4096

Details

Name:	0000000B.00000002.668005907.0000000000300000.00000004.00000020.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	300000
Size:	16384

Details

Name:	00000008.00000002.505758802.000000007EFB0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000000.488981931.0000000003E50000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	3E50000
Size:	3133440

Details

Name:	00000006.00000000.489806703.00000000044E7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	44E7000
Size:	176128

Details

Name:	00000008.00000000.504152096.000000007EFB2000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000006.00000000.471090441.00000000043A0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	43A0000
Size:	8192

Details

Name:	00000007.00000002.668070405.0000000000170000.00000004.00000020.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	170000
Size:	57344

Details

Name:	00000006.00000000.468800389.00000000002C7000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	2C7000
Size:	344064

Details

Name:	00000007.00000002.669461412.00000000024D0000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	24D0000
Size:	4096

Details

Name:	00000006.00000000.492602552.00000000093A3000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	93A3000
Size:	237568

Details

Name:	00000006.00000000.483650366.00000000074B0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	74B0000
Size:	4096

Details

Name:	00000007.00000000.500295644.000000007EFD0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000006.00000000.483213735.000000000532E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	532E000
Size:	8192

Details

Name:	00000006.00000000.489924345.000000000457A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	457A000
Size:	77824

Details

Name:	00000006.00000000.478535347.000000000023D000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	23D000
Size:	8192

Details

Name:	00000006.00000000.491572423.0000000007B40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7B40000
Size:	4096

Details

Name:	00000006.00000000.549458972.00000000045D4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45D4000
Size:	4096

Details

Name:	00000006.00000000.479527523.0000000002A70000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A70000
Size:	4096

Details

Name:	00000006.00000000.549285741.0000000004513000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4513000
Size:	360448

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.491549119.00000000078E9000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	78E9000
Size:	28672

Details

Name:	00000006.00000000.490830707.0000000004D60000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D60000
Size:	8192

Details

Name:	00000005.00000000.464510445.000000007EFB0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000000.483731540.0000000007839000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7839000
Size:	28672

Details

Name:	00000007.00000002.668224716.000000000085E000.00000004.00000010.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	85E000
Size:	8192

Details

Name:	00000006.00000000.468264566.0000000000140000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	140000
Size:	8192

Details

Name:	00000005.00000002.501104680.0000000000C80000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	C80000
Size:	20480

Details

Name:	00000006.00000000.487169053.000000000263C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	263C000
Size:	36864

Details

Name:	00000005.00000000.464016185.000000007EFB0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000000.471102472.0000000004450000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4450000
Size:	167936

Details

Name:	00000006.00000000.477218452.0000000006BBE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6BBE000
Size:	8192

Details

Name:	00000006.00000000.490039717.00000000045CB000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45CB000
Size:	12288

Details

Name:	00000006.00000000.490961081.0000000005390000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	5390000
Size:	4096

Details

Name:	00000006.00000000.471259464.000000000456F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	456F000
Size:	20480

Details

Name:	00000006.00000000.481684893.0000000004513000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4513000
Size:	360448

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000004.00000002.465602850.00000000003BE000.00000004.00000010.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	3BE000
Size:	8192

Details

Name:	00000006.00000000.477682758.00000000091E3000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	91E3000
Size:	237568

Details

Name:	00000004.00000002.467384479.0000000010016000.00000040.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	10016000
Size:	8192

Details

Name:	00000006.00000000.479906536.000000000309E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	309E000
Size:	16384

Details

Name:	00000006.00000000.471270756.0000000004575000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4575000
Size:	16384

Details

Name:	00000004.00000003.464149591.0000000002A60000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A60000
Size:	876544

Details

Name:	00000006.00000000.470062360.0000000002A70000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A70000
Size:	4096

Details

Name:	00000006.00000000.477653896.0000000008C20000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8C20000
Size:	4096

Details

Name:	00000006.00000000.480334213.0000000003DF8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3DF8000
Size:	360448

Details

Name:	00000006.00000000.546730671.0000000003D90000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D90000
Size:	421888

Details

Name:	00000008.00000000.502943936.000000007EFB0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000007.00000003.565721522.00000000001F0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	36864

Details

Name:	00000004.00000003.463679337.0000000002A60000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A60000
Size:	876544

Details

Name:	00000006.00000000.491322102.00000000073BB000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	73BB000
Size:	20480

Details

Name:	00000006.00000000.552475307.0000000005410000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	5410000
Size:	4096

Details

Name:	00000005.00000003.466451081.0000000000430000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	430000
Size:	4096

Details

Name:	00000004.00000000.458629940.000000007EFD0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000006.00000000.470036115.0000000002A50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A50000
Size:	4096

Details

Name:	00000006.00000000.477587804.0000000008428000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8428000
Size:	167936

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000005.00000002.500580409.0000000000690000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	690000
Size:	57344

Details

Name:	00000006.00000000.486038304.0000000000371000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	371000
Size:	61440

Details

Name:	00000007.00000003.501704273.00000000000C0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	C0000
Size:	40960

Details

Name:	00000006.00000000.470565525.00000000031FF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	31FF000
Size:	4096

Details

Name:	00000006.00000000.490946986.0000000005360000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	5360000
Size:	12288

Details

Name:	00000006.00000000.480231334.0000000003D40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D40000
Size:	4096

Details

Name:	00000006.00000000.552614039.0000000006D40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6D40000
Size:	4096

Details

Name:	00000007.00000003.500682918.000000000024E000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	24E000
Size:	40960

Details

Name:	00000006.00000000.489980128.00000000045A1000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45A1000
Size:	73728

Details

Name:	00000006.00000000.477450145.000000000834B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	834B000
Size:	8192

Details

Name:	00000006.00000000.485595173.00000000000E0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	E0000
Size:	4096

Details

Name:	00000004.00000000.458586758.0000000000400000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000006.00000000.545826882.0000000002120000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	2120000
Size:	53248

Details

Name:	00000005.00000000.463012581.0000000000401000.00000020.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	24576

Details

Name:	00000006.00000000.477169531.0000000005360000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	5360000
Size:	12288

Details

Name:	00000006.00000000.545857726.0000000002500000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2500000
Size:	8192

Details

Name:	00000006.00000000.546032549.00000000029D0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	29D0000
Size:	4096

Details

Name:	00000006.00000000.552801202.00000000074B4000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	74B4000
Size:	4096

Details

Name:	00000007.00000000.496185430.000000007EFD0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000006.00000000.477349699.0000000007839000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7839000
Size:	28672

Details

Name:	00000007.00000002.670120431.0000000004CAE000.00000004.00000010.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	4CAE000
Size:	8192

Details

Name:	00000004.00000003.464538050.0000000002900000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2900000
Size:	884736

Details

Name:	00000006.00000000.546565227.00000000030D0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30D0000
Size:	8192

Details

Name:	00000006.00000000.469187226.0000000001B50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1B50000
Size:	4096

Details

Name:	00000005.00000000.464022164.000000007EFC0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000000.484252709.00000000083F8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	83F8000
Size:	16384

Details

Name:	00000006.00000000.490056874.00000000045CF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45CF000
Size:	16384

Details

Name:	00000007.00000002.668002499.00000000000A0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	A0000
Size:	4096

Details

Name:	00000006.00000000.545981439.00000000027E0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	27E0000
Size:	4096

Details

Name:	00000006.00000000.546784021.0000000003DF8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3DF8000
Size:	360448

Details

Name:	00000006.00000000.489999093.00000000045B4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45B4000
Size:	36864

Details

Name:	00000007.00000003.501599404.00000000021D7000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	21D7000
Size:	4096

Details

Name:	00000006.00000000.489912336.0000000004575000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4575000
Size:	16384

Details

Name:	00000006.00000000.485170977.000000007EFE0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000008.00000002.505317058.0000000000360000.00000004.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	360000
Size:	12288

Details

Name:	00000006.00000000.487792647.0000000002A90000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A90000
Size:	4096

Details

Name:	00000006.00000000.491025984.00000000069C8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	69C8000
Size:	32768

Details

Name:	00000006.00000000.491210263.00000000071C2000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	71C2000
Size:	8192

Details

Name:	00000006.00000000.479943705.00000000030D0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30D0000
Size:	8192

Details

Name:	00000006.00000000.545200715.0000000000243000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	243000
Size:	8192

Details

Name:	00000006.00000000.479246320.0000000002100000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2100000
Size:	8192

Details

Name:	00000006.00000000.469938367.000000000295C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	295C000
Size:	49152

Details

Name:	00000006.00000000.489534671.00000000041A5000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	41A5000
Size:	45056

Details

Name:	00000006.00000000.552509838.00000000069C8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	69C8000
Size:	32768

Details

Name:	00000006.00000000.488699424.0000000003298000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3298000
Size:	32768

Details

Name:	00000005.00000002.500875457.0000000000BE0000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	BE0000
Size:	4096

Details

Name:	00000006.00000000.477102262.0000000004DC0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4DC0000
Size:	4096

Details

Name:	00000006.00000000.491291605.00000000073B9000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	73B9000
Size:	4096

Details

Name:	00000006.00000000.545964048.0000000002760000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2760000
Size:	8192

Details

Name:	00000006.00000000.488881477.0000000003D50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D50000
Size:	8192

Details

Name:	00000008.00000002.505786484.000000007EFE0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	0000000B.00000002.668047082.00000000004CF000.00000004.00000010.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	4CF000
Size:	4096

Details

Name:	00000008.00000000.503835955.000000007EFC0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000000.552655174.00000000071C2000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	71C2000
Size:	8192

Details

Name:	00000004.00000000.458591571.0000000000401000.00000020.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	24576

Details

Name:	00000007.00000002.667955089.0000000000050000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	00000006.00000000.488554946.00000000030A8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	30A8000
Size:	32768

Details

Name:	00000006.00000000.490718455.0000000004AC0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4AC0000
Size:	4096

Details

Name:	00000006.00000000.477323531.00000000074B4000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	74B4000
Size:	4096

Details

Name:	00000006.00000000.477297438.00000000073B9000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	73B9000
Size:	4096

Details

Name:	00000004.00000003.465273761.0000000002B51000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B51000
Size:	4096

Details

Name:	0000000B.00000002.667929070.0000000000010000.00000004.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	00000007.00000000.496173765.000000007EFC0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000004.00000002.465609046.0000000000400000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000006.00000000.477186975.000000000556F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	556F000
Size:	4096

Details

Name:	00000006.00000000.483440055.0000000006D48000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6D48000
Size:	32768

Details

Name:	00000004.00000002.465574424.0000000000270000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	270000
Size:	20480

Details

Name:	00000006.00000000.479845080.0000000002EC1000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2EC1000
Size:	12288

Details

Name:	00000004.00000003.463642632.00000000029DA000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	29DA000
Size:	4096

Details

Name:	00000006.00000000.487459704.0000000002940000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2940000
Size:	4096

Details

Name:	00000006.00000000.477249654.0000000006E50000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	6E50000
Size:	4096

Details

Name:	00000006.00000000.469104382.00000000005C0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	5C0000
Size:	73728

Details

Name:	00000006.00000000.477379232.0000000007B4B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7B4B000
Size:	20480

Details

Name:	00000006.00000000.468574082.0000000000255000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	255000
Size:	282624

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
URLs found in memory or binary data	Networking

Details

Name:	00000004.00000002.467360407.0000000010001000.00000020.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	10001000
Size:	61440

Details

Name:	00000006.00000000.478394500.0000000000010000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	00000007.00000000.500287056.000000007EFC0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000004.00000003.463189985.0000000002A50000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A50000
Size:	4096

Details

Name:	00000006.00000000.481894966.00000000045B4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45B4000
Size:	36864

Details

Name:	00000006.00000000.487827123.0000000002AA0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2AA0000
Size:	4096

Details

Name:	00000005.00000002.500628095.0000000000870000.00000004.00000020.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	870000
Size:	16384

Details

Name:	00000005.00000002.500818084.0000000000B00000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	B00000
Size:	876544

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000006.00000000.545318976.000000000036B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	36B000
Size:	4096

Details

Name:	00000006.00000000.483261611.0000000005410000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	5410000
Size:	4096

Details

Name:	00000006.00000000.491137677.0000000006C59000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6C59000
Size:	28672

Details

Name:	00000006.00000000.477757845.00000000092A4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	92A4000
Size:	454656

Details

Name:	00000006.00000000.483673625.00000000074B4000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	74B4000
Size:	4096

Details

Name:	00000004.00000002.467378788.0000000010010000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	10010000
Size:	24576

Details

Name:	00000006.00000000.546651854.00000000032A9000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32A9000
Size:	16384

Details

Name:	00000008.00000000.504145069.000000007EFB0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000007.00000000.500248692.0000000000050000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	00000007.00000002.668196545.0000000000690000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	690000
Size:	73728

Details

Name:	00000007.00000002.670079602.0000000004B3F000.00000004.00000010.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	4B3F000
Size:	4096

Details

Name:	00000006.00000000.478501437.00000000001E0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1E0000
Size:	4096

Details

Name:	00000007.00000003.500702124.000000000024C000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	24C000
Size:	24576

Details

Name:	00000006.00000000.477955459.000007FFFFFC0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFC0000
Size:	4096

Details

Name:	00000006.00000000.545989883.0000000002921000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2921000
Size:	28672

Details

Name:	00000006.00000000.489523295.00000000041A0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	41A0000
Size:	4096

Details

Name:	00000006.00000000.469127632.0000000000750000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	750000
Size:	339968

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000006.00000000.468738354.000000000029B000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	29B000
Size:	151552

Details

Name:	00000006.00000000.470600493.00000000032A0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32A0000
Size:	8192

Details

Name:	00000005.00000000.464010636.0000000000400000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	400000
Size:	4096

Details

Name:	00000006.00000000.552566439.0000000006A60000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	6A60000
Size:	8192

Details

Name:	00000006.00000000.471205688.00000000044E7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	44E7000
Size:	176128

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	00000006.00000000.487688816.0000000002A40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A40000
Size:	4096

Details

Name:	00000008.00000002.505372064.0000000000860000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	860000
Size:	12288

Details

Name:	00000006.00000000.485545282.0000000000030000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30000
Size:	12288

Details

Name:	00000006.00000000.484513721.0000000008C20000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8C20000
Size:	4096

Details

Name:	00000005.00000002.500491585.0000000000380000.00000004.00000040.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	380000
Size:	8192

Details

Name:	00000006.00000000.545250826.000000000029B000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	29B000
Size:	151552

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	00000007.00000002.669091514.00000000023D0000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	23D0000
Size:	20480

Details

Name:	00000006.00000000.477426140.00000000081AE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	81AE000
Size:	8192

Details

Name:	00000006.00000000.485684158.00000000001E0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1E0000
Size:	4096

Details

Name:	00000006.00000000.483917876.0000000008320000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8320000
Size:	163840

Details

Name:	00000006.00000000.470657014.0000000003D40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D40000
Size:	4096

Details

Name:	00000006.00000000.469893346.0000000002740000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2740000
Size:	8192

Details

Name:	00000007.00000002.668808495.0000000002360000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2360000
Size:	12288

Details

Name:	00000005.00000000.463019557.0000000000407000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	407000
Size:	8192

Details

Name:	00000006.00000000.479347499.000000000263C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	263C000
Size:	36864

Details

Name:	0000000B.00000002.668092051.000007FFFFFB2000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFB2000
Size:	4096

Details

Name:	00000006.00000000.471082580.0000000004389000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4389000
Size:	28672

Details

Name:	00000006.00000000.479300381.0000000002533000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2533000
Size:	36864

Details

Name:	00000006.00000000.477066308.0000000004D60000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D60000
Size:	8192

Details

Name:	00000007.00000003.642031962.00000000001F0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	36864

Details

Name:	00000006.00000000.548852377.0000000004389000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4389000
Size:	28672

Details

Name:	00000006.00000000.478441163.00000000000E0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	E0000
Size:	4096

Details

Name:	00000006.00000000.489692590.000000000447A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	447A000
Size:	126976

Details

Name:	00000005.00000003.466573489.0000000000534000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	534000
Size:	4096

Details

Name:	00000004.00000003.464744952.0000000002B54000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B54000
Size:	4096

Details

Name:	00000006.00000000.480179303.0000000003C90000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	3C90000
Size:	12288

Details

Name:	00000006.00000000.546572893.00000000030E0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30E0000
Size:	8192

Details

Name:	00000006.00000000.492724207.0000000009561000.00000040.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	9561000
Size:	4096

Details

Name:	00000006.00000000.545969787.00000000027A0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	27A0000
Size:	8192

Details

Name:	00000006.00000000.490750287.0000000004BB0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4BB0000
Size:	4096

Details

Name:	00000006.00000000.477021702.0000000004AF0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4AF0000
Size:	8192

Details

Name:	00000007.00000000.499732271.000000007EFC0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000000.489505008.0000000004150000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4150000
Size:	8192

Details

Name:	00000006.00000000.470001597.0000000002A20000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A20000
Size:	4096

Details

Name:	00000006.00000000.484597210.00000000091E3000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	91E3000
Size:	237568

Details

Name:	00000004.00000003.463645741.00000000029DD000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	29DD000
Size:	409600

Details

Name:	00000005.00000002.500884602.0000000000BF1000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	BF1000
Size:	4096

Details

Name:	00000006.00000000.483896031.0000000007E1E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7E1E000
Size:	8192

Details

Name:	0000000B.00000002.667941606.0000000000030000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	30000
Size:	12288

Details

Name:	00000006.00000000.479425946.00000000027C0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	27C0000
Size:	12288

Details

Name:	00000006.00000000.479465538.0000000002940000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2940000
Size:	4096

Details

Name:	00000006.00000000.485608694.00000000000E4000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	E4000
Size:	49152

Details

Name:	00000006.00000000.546695369.0000000003CC0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	3CC0000
Size:	8192

Details

Name:	00000006.00000000.487021890.0000000002500000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2500000
Size:	8192

Details

Name:	00000004.00000002.467340702.00000000028C0000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	28C0000
Size:	4096

Details

Name:	00000006.00000000.471135729.000000000447A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	447A000
Size:	126976

Details

Name:	00000006.00000000.485527414.0000000000010000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	00000006.00000000.477455335.0000000008355000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8355000
Size:	57344

Details

Name:	00000006.00000000.477164594.000000000532E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	532E000
Size:	8192

Details

Name:	00000006.00000000.487053896.0000000002533000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2533000
Size:	36864

Details

Name:	00000006.00000000.489575436.0000000004308000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4308000
Size:	32768

Details

Name:	00000006.00000000.485271717.000007FFFFFD0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFD0000
Size:	12288

Details

Name:	00000006.00000000.479473350.000000000295C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	295C000
Size:	49152

Details

Name:	00000004.00000000.458616701.000000007EFB2000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000006.00000000.487651319.0000000002A30000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A30000
Size:	4096

Details

Name:	00000006.00000000.479251643.0000000002110000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	2110000
Size:	53248

Details

Name:	00000004.00000000.458597295.0000000000407000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	407000
Size:	8192

Details

Name:	00000006.00000000.481269333.0000000004160000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4160000
Size:	4096

Details

Name:	00000007.00000003.501586219.00000000021D1000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	21D1000
Size:	4096

Details

Name:	00000008.00000000.503343074.000000007EFB0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000000.546641786.00000000032A5000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32A5000
Size:	4096

Details

Name:	00000006.00000000.477254459.000000000714E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	714E000
Size:	8192

Details

Name:	00000006.00000000.548349775.0000000004300000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4300000
Size:	4096

Details

Name:	00000006.00000000.481564957.000000000447A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	447A000
Size:	126976

Details

Name:	00000007.00000003.500695194.000000000025D000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	25D000
Size:	20480

Details

Name:	00000006.00000000.545340152.0000000000430000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	430000
Size:	20480

Details

Name:	00000006.00000000.546679196.0000000003C90000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	3C90000
Size:	12288

Details

Name:	00000006.00000000.488798075.0000000003C90000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	3C90000
Size:	12288

Details

Name:	00000006.00000000.546054055.0000000002A10000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A10000
Size:	4096

Details

Name:	00000006.00000000.548074864.0000000004150000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4150000
Size:	8192

Details

Name:	00000007.00000002.667947412.0000000000030000.00000004.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	30000
Size:	8192

Details

Name:	00000008.00000000.502907121.0000000000060000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	4096

Details

Name:	00000004.00000003.464215576.0000000002B51000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B51000
Size:	4096

Details

Name:	00000005.00000003.466564154.0000000000520000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	520000
Size:	4096

Details

Name:	00000006.00000000.552353359.0000000004E60000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4E60000
Size:	4096

Details

Name:	00000006.00000000.549425069.00000000045BF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45BF000
Size:	45056

Details

Name:	00000004.00000002.467389132.0000000010019000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	10019000
Size:	4096

Details

Name:	00000007.00000002.669486439.00000000024E1000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	24E1000
Size:	4096

Details

Name:	00000006.00000000.479502178.0000000002A10000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A10000
Size:	4096

Details

Name:	00000006.00000000.545112778.00000000000D0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	D0000
Size:	28672

Details

Name:	00000006.00000000.491159276.0000000006D40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6D40000
Size:	4096

Details

Name:	00000004.00000002.465658706.0000000000434000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	434000
Size:	8192

Details

Name:	00000006.00000000.490849720.0000000004DB1000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	4DB1000
Size:	45056

Details

Name:	00000006.00000000.552253308.0000000004D30000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D30000
Size:	8192

Details

Name:	00000006.00000000.481479333.0000000004389000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4389000
Size:	28672

Details

Name:	00000006.00000000.478525783.0000000000237000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	237000
Size:	16384

Details

Name:	00000007.00000003.500579868.000000000205A000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	205A000
Size:	4096

Details

Name:	00000006.00000000.490798151.0000000004D30000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D30000
Size:	8192

Details

Name:	00000005.00000000.464514225.000000007EFB2000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000004.00000001.460289369.0000000010000000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	10000000
Size:	4096

Details

Name:	00000006.00000000.484971579.00000000093A3000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	93A3000
Size:	237568

Details

Name:	00000004.00000003.464110648.00000000029DD000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	29DD000
Size:	409600

Details

Name:	00000006.00000000.477367217.00000000079F0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	79F0000
Size:	4096

Details

Name:	00000006.00000000.492045731.0000000008424000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8424000
Size:	8192

Details

Name:	00000006.00000000.487215292.0000000002740000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2740000
Size:	8192

Details

Name:	00000006.00000000.470640043.0000000003CA0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3CA0000
Size:	4096

Details

Name:	00000006.00000000.477391063.0000000007BD0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	7BD0000
Size:	4096

Details

Name:	00000006.00000000.478720439.0000000000750000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	750000
Size:	339968

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000006.00000000.552334216.0000000004DD0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4DD0000
Size:	8192

Details

Name:	00000006.00000000.491348797.000000000744D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	744D000
Size:	12288

Details

Name:	00000006.00000000.478703494.00000000005C0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	5C0000
Size:	73728

Details

Name:	00000007.00000003.500502005.0000000001F80000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1F80000
Size:	884736

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000006.00000000.492559706.0000000009360000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	9360000
Size:	262144

Details

Name:	00000006.00000000.479262137.0000000002120000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	2120000
Size:	53248

Details

Name:	00000007.00000003.500674269.0000000000258000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	258000
Size:	20480

Details

Name:	00000006.00000000.488453950.0000000002F20000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2F20000
Size:	172032

Details

Name:	00000008.00000000.503004566.000000007EFC2000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000007.00000000.500014503.000000007EFC2000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000006.00000000.481785766.000000000457A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	457A000
Size:	77824

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	00000006.00000000.483487225.000000000714E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	714E000
Size:	8192

Details

Name:	00000006.00000000.545931342.0000000002646000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2646000
Size:	155648

Details

Name:	00000005.00000000.464006681.00000000001A0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1A0000
Size:	4096

Details

Name:	00000007.00000002.668036904.000000000013D000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	13D000
Size:	12288

Details

Name:	00000006.00000000.483460918.0000000006E50000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	6E50000
Size:	4096

Details

Name:	00000006.00000000.480237467.0000000003D4B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D4B000
Size:	20480

Details

Name:	00000006.00000000.549395111.00000000045A1000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45A1000
Size:	73728

Details

Name:	00000006.00000000.488822513.0000000003CA0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3CA0000
Size:	4096

Details

Name:	00000006.00000000.479957144.00000000030E0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30E0000
Size:	8192

Details

Name:	00000006.00000000.486896632.0000000002110000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	2110000
Size:	53248

Details

Name:	00000006.00000000.545150536.0000000000140000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	140000
Size:	8192

Details

Name:	00000006.00000000.548203537.00000000041A5000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	41A5000
Size:	45056

Details

Name:	00000006.00000000.477034280.0000000004BB0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4BB0000
Size:	4096

Details

Name:	00000006.00000000.479510174.0000000002A30000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A30000
Size:	4096

Details

Name:	00000006.00000000.552263390.0000000004D40000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D40000
Size:	8192

Details

Name:	00000006.00000000.546836902.0000000003E50000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	3E50000
Size:	3133440

Details

Name:	00000004.00000003.459142722.0000000002870000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2870000
Size:	4096

Details

Name:	00000004.00000003.463262394.0000000002B54000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B54000
Size:	4096

Details

Name:	00000006.00000000.477046964.0000000004D20000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	4D20000
Size:	4096

Details

Name:	00000004.00000003.463742981.0000000002B40000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B40000
Size:	4096

Details

Name:	00000005.00000000.463048782.000000007EFD0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000006.00000000.478691780.0000000000430000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	430000
Size:	20480

Details

Name:	00000006.00000000.486998592.00000000024F0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	24F0000
Size:	8192

Details

Name:	00000007.00000002.670321931.000000007EFC2000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000005.00000002.500638582.0000000000894000.00000004.00000020.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	894000
Size:	16384

Details

Name:	00000006.00000000.487770921.0000000002A80000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A80000
Size:	4096

Details

Name:	00000006.00000000.478795946.0000000001BE0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1BE0000
Size:	4112384

Details

Name:	00000006.00000000.487322412.00000000027A0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	27A0000
Size:	8192

Details

Name:	00000004.00000003.464644218.0000000002A60000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A60000
Size:	876544

Details

Name:	00000005.00000000.463571727.000000007EFC2000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000006.00000000.487408657.00000000027E0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	27E0000
Size:	4096

Details

Name:	00000006.00000000.478698144.00000000005B0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	5B0000
Size:	12288

Details

Name:	00000006.00000000.480015153.0000000003270000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3270000
Size:	28672

Details

Name:	00000004.00000002.468955642.000000007EFE0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000006.00000000.484663316.0000000009222000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	9222000
Size:	245760

Details

Name:	00000006.00000000.479143168.0000000001FD0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1FD0000
Size:	913408

Details

Name:	00000006.00000000.545121260.00000000000E0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	E0000
Size:	4096

Details

Name:	00000007.00000002.668156888.000000000042C000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	42C000
Size:	16384

Details

Name:	00000007.00000002.668092645.0000000000227000.00000004.00000020.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	227000
Size:	4096

Details

Name:	00000006.00000000.552224239.0000000004C7A000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4C7A000
Size:	4096

Details

Name:	00000006.00000000.489959161.0000000004593000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4593000
Size:	49152

Details

Name:	0000000B.00000002.668032522.000000000034B000.00000004.00000020.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	34B000
Size:	45056

Details

Name:	00000004.00000003.463254950.0000000002B40000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B40000
Size:	4096

Details

Name:	00000007.00000002.668480050.0000000001FBE000.00000004.00000010.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	1FBE000
Size:	8192

Details

Name:	00000006.00000000.487865513.0000000002AE0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2AE0000
Size:	1986560

Details

Name:	00000006.00000000.545323266.000000000036F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	36F000
Size:	4096

Details

Name:	00000006.00000000.478547237.0000000000249000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	249000
Size:	8192

Details

Name:	00000006.00000000.489899661.000000000456F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	456F000
Size:	20480

Details

Name:	00000005.00000003.465747676.0000000000879000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	879000
Size:	4096

Details

Name:	00000008.00000002.505271601.0000000000050000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	00000006.00000000.479374582.0000000002740000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2740000
Size:	8192

Details

Name:	00000006.00000000.481920813.00000000045BF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45BF000
Size:	45056

Details

Name:	00000004.00000002.468940330.000000007EFD0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000005.00000000.463007249.0000000000400000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000007.00000000.500010008.000000007EFC0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000000.491438455.00000000075FE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	75FE000
Size:	8192

Details

Name:	00000006.00000000.492809751.000000007EFE0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000006.00000000.546048761.0000000002A00000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A00000
Size:	4096

Details

Name:	00000006.00000000.470615591.00000000032A9000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32A9000
Size:	16384

Details

Name:	00000006.00000000.468955404.000000000034E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	34E000
Size:	114688

Details

Name:	00000006.00000000.488653443.0000000003270000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3270000
Size:	28672

Details

Name:	00000006.00000000.469647439.0000000001FD0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1FD0000
Size:	913408

Details

Name:	00000006.00000000.488598444.00000000030E0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30E0000
Size:	8192

Details

Name:	00000008.00000000.502880454.0000000000050000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	00000006.00000000.487714669.0000000002A50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A50000
Size:	4096

Details

Name:	00000007.00000000.499718361.000000007EFB0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000000.488746186.00000000032A9000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32A9000
Size:	16384

Details

Name:	00000004.00000003.463267890.0000000002B60000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B60000
Size:	368640

Details

Name:	00000005.00000000.463555318.0000000000190000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	190000
Size:	16384

Details

Name:	00000006.00000000.546610790.0000000003278000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3278000
Size:	126976

Details

Name:	00000006.00000000.548873852.00000000043A0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	43A0000
Size:	8192

Details

Name:	00000008.00000002.505763591.000000007EFB2000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000005.00000003.465519342.0000000000230000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	230000
Size:	884736

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000006.00000000.483421256.0000000006D40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6D40000
Size:	4096

Details

Name:	00000005.00000002.500463514.00000000001A0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	1A0000
Size:	4096

Details

Name:	00000007.00000000.500277535.000000007EFB0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000008.00000002.505308433.00000000002DD000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2DD000
Size:	12288

Details

Name:	00000006.00000000.486856614.00000000020DA000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	20DA000
Size:	40960

Details

Name:	00000006.00000000.478465497.0000000000110000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	110000
Size:	4096

Details

Name:	00000006.00000000.549466330.00000000045D6000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45D6000
Size:	208896

Details

Name:	00000006.00000000.546003410.000000000295C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	295C000
Size:	49152

Details

Name:	0000000B.00000002.668026743.0000000000346000.00000004.00000020.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	346000
Size:	16384

Details

Name:	00000006.00000000.483850564.0000000007BD0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	7BD0000
Size:	4096

Details

Name:	00000006.00000000.481531302.0000000004450000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4450000
Size:	167936

Details

Name:	00000006.00000000.470076752.0000000002A80000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A80000
Size:	4096

Details

Name:	00000006.00000000.477555876.00000000083F8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	83F8000
Size:	16384

Details

Name:	00000006.00000000.483536477.000000000728E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	728E000
Size:	12288

Details

Name:	00000006.00000000.491663160.0000000007D20000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	7D20000
Size:	24576

Details

Name:	00000004.00000003.463780972.0000000002BC0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2BC0000
Size:	20480

Details

Name:	00000006.00000000.549100159.000000000449C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	449C000
Size:	303104

Details

Name:	00000006.00000000.489568445.0000000004300000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4300000
Size:	4096

Details

Name:	00000004.00000003.463082996.0000000002900000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2900000
Size:	884736

Details

Name:	00000005.00000000.465001344.0000000000190000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	190000
Size:	16384

Details

Name:	0000000B.00000002.668019825.000000000033D000.00000004.00000020.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	33D000
Size:	32768

Details

Name:	00000005.00000003.466568938.0000000000531000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	531000
Size:	4096

Details

Name:	00000006.00000000.478678987.0000000000371000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	371000
Size:	61440

Details

Name:	00000006.00000000.469070912.00000000005B0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	5B0000
Size:	12288

Details

Name:	00000006.00000000.480006930.00000000031FF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	31FF000
Size:	4096

Details

Name:	00000006.00000000.477123962.0000000004E5E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4E5E000
Size:	8192

Details

Name:	00000006.00000000.470506632.000000000309E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	309E000
Size:	16384

Details

Name:	00000006.00000000.489626175.0000000004450000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4450000
Size:	167936

Details

Name:	00000007.00000002.668893912.0000000002367000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2367000
Size:	4096

Details

Name:	00000004.00000003.464218613.0000000002B54000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B54000
Size:	4096

Details

Name:	00000006.00000000.491650640.0000000007CFE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7CFE000
Size:	8192

Details

Name:	00000006.00000000.491562482.00000000079F0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	79F0000
Size:	4096

Details

Name:	00000004.00000002.465719078.0000000000514000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	514000
Size:	147456

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	00000006.00000000.485909523.00000000002C7000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	2C7000
Size:	344064

Details

Name:	00000005.00000000.464488361.00000000001A0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1A0000
Size:	4096

Details

Name:	00000007.00000003.576459806.00000000001F0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	36864

Details

Name:	00000004.00000002.465590766.0000000000370000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	370000
Size:	12288

Details

Name:	00000006.00000000.477234265.0000000006D40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6D40000
Size:	4096

Details

Name:	00000004.00000003.464748917.0000000002B57000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B57000
Size:	4096

Details

Name:	00000006.00000000.483065127.0000000004DD0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4DD0000
Size:	8192

Details

Name:	00000005.00000000.463042278.000000007EFC0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000000.485811098.0000000000243000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	243000
Size:	8192

Details

Name:	00000006.00000000.546086672.0000000002A70000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A70000
Size:	4096

Details

Name:	00000006.00000000.492156131.0000000008720000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8720000
Size:	53248

Details

Name:	00000007.00000003.501592909.00000000021D4000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	21D4000
Size:	4096

Details

Name:	00000006.00000000.470528098.00000000030C0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	30C0000
Size:	4096

Details

Name:	00000008.00000002.505365630.00000000006E0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	6E0000
Size:	20480

Details

Name:	00000007.00000002.668492292.0000000002100000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2100000
Size:	57344

Details

Name:	00000006.00000000.477343843.000000000782F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	782F000
Size:	8192

Details

Name:	00000005.00000002.501117732.0000000000E00000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	E00000
Size:	12288

Details

Name:	00000006.00000000.545883887.0000000002550000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2550000
Size:	36864

Details

Name:	00000006.00000000.490261983.0000000004650000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4650000
Size:	4001792

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.492187006.0000000008C20000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8C20000
Size:	4096

Details

Name:	00000006.00000000.490788951.0000000004D20000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	4D20000
Size:	4096

Details

Name:	00000006.00000000.487287991.0000000002760000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2760000
Size:	8192

Details

Name:	00000005.00000002.500813721.0000000000AF0000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	AF0000
Size:	4096

Details

Name:	00000006.00000000.545170819.00000000001E0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1E0000
Size:	4096

Details

Name:	00000006.00000000.482689179.0000000004AAD000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4AAD000
Size:	12288

Details

Name:	00000006.00000000.484199032.00000000083DF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	83DF000
Size:	73728

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000004.00000003.464608148.00000000029DA000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	29DA000
Size:	4096

Details

Name:	00000008.00000002.505357160.0000000000604000.00000004.00000020.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	604000
Size:	45056

Details

Name:	00000006.00000000.545345637.00000000005B0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	5B0000
Size:	12288

Details

Name:	0000000B.00000000.587178019.000007FFFFFB2000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFB2000
Size:	4096

Details

Name:	00000006.00000000.545413756.0000000001B60000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	1B60000
Size:	8192

Details

Name:	00000007.00000000.500259120.0000000000660000.00000040.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	660000
Size:	155648

Details

Name:	00000004.00000003.463752103.0000000002B57000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B57000
Size:	4096

Details

Name:	00000006.00000000.549344910.000000000456F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	456F000
Size:	20480

Details

Name:	00000004.00000003.465287221.0000000002B57000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B57000
Size:	4096

Details

Name:	00000006.00000000.490776498.0000000004C7A000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4C7A000
Size:	4096

Details

Name:	00000006.00000000.485255429.000007FFFFFC2000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFC2000
Size:	4096

Details

Name:	00000006.00000000.478508984.0000000000220000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	220000
Size:	8192

Details

Name:	00000008.00000002.505781932.000000007EFDF000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	00000005.00000000.464522827.000000007EFC2000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000006.00000000.478554434.0000000000255000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	255000
Size:	282624

Details

Name:	00000006.00000000.552866034.00000000079F0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	79F0000
Size:	4096

Details

Name:	00000008.00000002.505289822.0000000000100000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	100000
Size:	4096

Details

Name:	00000004.00000003.463754860.0000000002B60000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B60000
Size:	368640

Details

Name:	0000000B.00000002.668086968.000007FFFFFB0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFB0000
Size:	4096

Details

Name:	0000000B.00000002.668064986.000000000073F000.00000004.00000010.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	73F000
Size:	4096

Details

Name:	00000006.00000000.478485426.00000000001CE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1CE000
Size:	12288

Details

Name:	00000006.00000000.491408661.00000000074D3000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	74D3000
Size:	4096

Details

Name:	00000006.00000000.546097935.0000000002A90000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A90000
Size:	4096

Details

Name:	00000006.00000000.491514996.0000000007839000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7839000
Size:	28672

Details

Name:	00000004.00000003.463290012.0000000002BC0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2BC0000
Size:	20480

Details

Name:	00000006.00000000.483105122.0000000004E5E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4E5E000
Size:	8192

Details

Name:	00000004.00000003.464106986.00000000029DA000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	29DA000
Size:	4096

Details

Name:	00000006.00000000.477263495.00000000071C7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	71C7000
Size:	36864

Details

Name:	00000006.00000000.479454088.0000000002921000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2921000
Size:	28672

Details

Name:	00000006.00000000.486878122.0000000002100000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2100000
Size:	8192

Details

Name:	00000006.00000000.481600998.000000000449C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	449C000
Size:	303104

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	00000006.00000000.546064630.0000000002A30000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A30000
Size:	4096

Details

Name:	00000007.00000003.500709411.0000000000257000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	257000
Size:	24576

Details

Name:	00000004.00000002.465586356.0000000000340000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	340000
Size:	8192

Details

Name:	00000006.00000000.469014044.000000000036F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	36F000
Size:	4096

Details

Name:	00000006.00000000.468487633.000000000023D000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	23D000
Size:	8192

Details

Name:	00000004.00000002.468921349.000000007EFB2000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000008.00000000.503020825.000000007EFD0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000006.00000000.552089399.0000000004AC0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4AC0000
Size:	4096

Details

Name:	00000007.00000003.631303350.00000000001F0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	36864

Details

Name:	00000006.00000000.491814815.0000000008355000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8355000
Size:	57344

Details

Name:	00000006.00000000.491099319.0000000006A60000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	6A60000
Size:	8192

Details

Name:	00000006.00000000.483194805.0000000005270000.00000020.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute read
Base address:	5270000
Size:	65536

Details

Name:	00000004.00000000.458613071.000000007EFB0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000000.479289238.0000000002500000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2500000
Size:	8192

Details

Name:	00000006.00000000.545805243.00000000020DA000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	20DA000
Size:	40960

Details

Name:	00000007.00000002.668842503.0000000002364000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2364000
Size:	8192

Details

Name:	00000006.00000000.546557029.00000000030C0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	30C0000
Size:	4096

Details

Name:	00000006.00000000.552841607.0000000007839000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7839000
Size:	28672

Details

Name:	00000006.00000000.487735784.0000000002A60000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A60000
Size:	4096

Details

Name:	00000006.00000000.545852168.00000000024F0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	24F0000
Size:	8192

Details

Name:	00000004.00000002.468927301.000000007EFC0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000000.490742410.0000000004B9D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4B9D000
Size:	12288

Details

Name:	00000006.00000000.552443598.0000000005360000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	5360000
Size:	12288

Details

Name:	00000006.00000000.491616676.0000000007B50000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	7B50000
Size:	8192

Details

Name:	00000006.00000000.492225375.0000000008DD8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8DD8000
Size:	32768

Details

Name:	00000006.00000000.483717846.000000000782F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	782F000
Size:	8192

Details

Name:	00000006.00000000.477228327.0000000006C59000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6C59000
Size:	28672

Details

Name:	00000005.00000002.500808528.0000000000AE0000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	AE0000
Size:	20480

Details

Name:	00000008.00000000.503733961.0000000000050000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	00000005.00000002.501451251.000000007EFDF000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	00000006.00000000.471418040.00000000045A1000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45A1000
Size:	73728

Details

Name:	00000005.00000000.465036500.000000007EFC0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000000.469809180.0000000002550000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2550000
Size:	36864

Details

Name:	00000006.00000000.481359908.00000000041A5000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	41A5000
Size:	45056

Details

Name:	00000007.00000002.668486594.000000000203E000.00000004.00000010.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	203E000
Size:	8192

Details

Name:	00000006.00000000.477361140.00000000078E9000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	78E9000
Size:	28672

Details

Name:	00000006.00000000.481500715.00000000043A0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	43A0000
Size:	8192

Details

Name:	00000006.00000000.480165352.00000000032AE000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32AE000
Size:	86016

Details

Name:	00000006.00000000.479293105.0000000002520000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2520000
Size:	4096

Details

Name:	00000006.00000000.492861107.000007FFFFFC0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFC0000
Size:	4096

Details

Name:	00000006.00000000.545948375.0000000002740000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2740000
Size:	8192

Details

Name:	00000006.00000000.477853896.00000000093A3000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	93A3000
Size:	237568

Details

Name:	00000006.00000000.545433209.0000000001BE0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1BE0000
Size:	4112384

Details

Name:	00000006.00000000.545303102.0000000000330000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	330000
Size:	4096

Details

Name:	00000006.00000000.484861938.0000000009323000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	9323000
Size:	237568

Details

Name:	00000005.00000002.500486596.0000000000370000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	370000
Size:	4096

Details

Name:	00000006.00000000.477926747.000000007EFE0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000006.00000000.477616367.0000000008461000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8461000
Size:	167936

Details

Name:	00000006.00000000.470750182.0000000003E50000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	3E50000
Size:	3133440

Details

Name:	00000006.00000000.490864901.0000000004DD0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4DD0000
Size:	8192

Details

Name:	00000006.00000000.481965096.00000000045CF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45CF000
Size:	16384

Details

Name:	00000006.00000000.482975331.0000000004D60000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D60000
Size:	8192

Details

Name:	00000004.00000002.465663528.0000000000437000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	437000
Size:	4096

Details

Name:	00000006.00000000.549572210.0000000004650000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4650000
Size:	4001792

Details

Name:	00000006.00000000.486693370.0000000001FD0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1FD0000
Size:	913408

Details

Name:	00000005.00000002.500900765.0000000000C00000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	C00000
Size:	368640

Details

Name:	00000006.00000000.485133625.00000000095E3000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	95E3000
Size:	24576

Details

Name:	00000006.00000000.479995881.0000000003160000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	3160000
Size:	4096

Details

Name:	00000007.00000002.670256671.000000007EFB0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000005.00000002.500516559.00000000003FF000.00000004.00000010.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	3FF000
Size:	4096

Details

Name:	00000006.00000000.482717503.0000000004AF0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4AF0000
Size:	8192

Details

Name:	00000004.00000003.464739341.0000000002B51000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B51000
Size:	4096

Details

Name:	00000004.00000002.465629043.0000000000409000.00000004.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	409000
Size:	131072

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.492525867.0000000009323000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	9323000
Size:	237568

Details

Name:	00000006.00000000.488664733.0000000003278000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3278000
Size:	126976

Details

Name:	00000005.00000003.465678871.000000000030A000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	30A000
Size:	4096

Details

Name:	0000000B.00000002.668052465.000000000063C000.00000004.00000010.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	63C000
Size:	16384

Details

Name:	00000008.00000002.505772488.000000007EFC2000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000006.00000000.470458406.0000000002F20000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2F20000
Size:	172032

Details

Name:	00000006.00000000.483804165.0000000007B40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7B40000
Size:	4096

Details

Name:	00000006.00000000.484261648.000000000840B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	840B000
Size:	90112

Details

Name:	00000006.00000000.470651486.0000000003CC0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	3CC0000
Size:	8192

Details

Name:	0000000B.00000002.667951688.0000000000040000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	40000
Size:	4096

Details

Name:	00000006.00000000.477372279.0000000007B40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7B40000
Size:	4096

Details

Name:	00000006.00000000.479226345.00000000020B6000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	20B6000
Size:	57344

Details

Name:	00000006.00000000.491273964.000000000729A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	729A000
Size:	24576

Details

Name:	00000006.00000000.477512833.00000000083DF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	83DF000
Size:	73728

Details

Name:	00000005.00000002.501303457.000000007EFB2000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000006.00000000.477339600.00000000075FE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	75FE000
Size:	8192

Details

Name:	00000007.00000002.669580551.00000000024F0000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	24F0000
Size:	368640

Details

Name:	00000008.00000002.505325587.0000000000366000.00000004.00000040.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	366000
Size:	4096

Details

Name:	00000006.00000000.472344081.00000000045BF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45BF000
Size:	45056

Details

Name:	00000006.00000000.478780887.0000000001B83000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	1B83000
Size:	81920

Details

Name:	00000006.00000000.481521760.00000000043B0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	43B0000
Size:	4096

Details

Name:	00000008.00000000.503437923.000000007EFD0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000005.00000003.466577687.0000000000537000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	537000
Size:	4096

Details

Name:	00000005.00000000.465044207.000000007EFD0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000006.00000000.478457002.00000000000F0000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	F0000
Size:	8192

Details

Name:	00000004.00000000.458625591.000000007EFC2000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000004.00000002.465582330.000000000033E000.00000004.00000010.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	33E000
Size:	8192

Details

Name:	00000005.00000002.500592479.00000000006B0000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	6B0000
Size:	57344

Details

Name:	00000006.00000000.489856229.0000000004513000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4513000
Size:	360448

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.481463900.0000000004308000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4308000
Size:	32768

Details

Name:	00000006.00000000.545812834.0000000002100000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2100000
Size:	8192

Details

Name:	00000006.00000000.483007311.0000000004D80000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D80000
Size:	8192

Details

Name:	00000006.00000000.484329264.0000000008428000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8428000
Size:	167936

Details

Name:	00000006.00000000.479922874.00000000030A8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	30A8000
Size:	32768

Details

Name:	00000004.00000002.465562036.0000000000250000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	250000
Size:	28672

Details

Name:	0000000B.00000000.587188274.000007FFFFFC0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFC0000
Size:	4096

Details

Name:	00000006.00000000.484530911.0000000008C3E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8C3E000
Size:	28672

Details

Name:	00000006.00000000.479517570.0000000002A50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A50000
Size:	4096

Details

Name:	00000006.00000000.490992344.000000000556F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	556F000
Size:	4096

Details

Name:	00000006.00000000.478446659.00000000000E4000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	E4000
Size:	49152

Details

Name:	00000007.00000003.652781773.00000000001F0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	36864

Details

Name:	00000004.00000002.468947721.000000007EFDF000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	00000006.00000000.546081184.0000000002A60000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A60000
Size:	4096

Details

Name:	00000005.00000002.500472276.000000000026F000.00000004.00000010.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	26F000
Size:	4096

Details

Name:	00000006.00000000.552736814.00000000073BB000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	73BB000
Size:	20480

Details

Name:	00000005.00000002.500645492.0000000000899000.00000004.00000020.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	899000
Size:	307200

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000006.00000000.552670617.00000000071C7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	71C7000
Size:	36864

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.546604066.0000000003270000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3270000
Size:	28672

Details

Name:	00000006.00000000.484478261.0000000008720000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8720000
Size:	53248

Details

Name:	00000006.00000000.470577724.0000000003278000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3278000
Size:	126976

Details

Name:	00000006.00000000.488436679.0000000002EC1000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2EC1000
Size:	12288

Details

Name:	00000006.00000000.485703877.0000000000230000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	230000
Size:	20480

Details

Name:	00000006.00000000.491187827.0000000006E50000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	6E50000
Size:	4096

Details

Name:	00000006.00000000.477959633.000007FFFFFC2000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFC2000
Size:	4096

Details

Name:	00000006.00000000.485829638.0000000000249000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	249000
Size:	8192

Details

Name:	00000006.00000000.487596340.0000000002A10000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A10000
Size:	4096

Details

Name:	00000006.00000000.469908929.00000000027A0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	27A0000
Size:	8192

Details

Name:	00000006.00000000.545212221.0000000000255000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	255000
Size:	282624

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
URLs found in memory or binary data	Networking

Details

Name:	00000004.00000002.468933923.000000007EFC2000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000008.00000000.502964794.000000007EFB2000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000006.00000000.470518868.00000000030A8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	30A8000
Size:	32768

Details

Name:	00000006.00000000.470047217.0000000002A60000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A60000
Size:	4096

Details

Name:	00000006.00000000.549510862.000000000460B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	460B000
Size:	282624

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.545894560.00000000025C3000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	25C3000
Size:	233472

Details

Name:	00000006.00000000.478673648.000000000036F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	36F000
Size:	4096

Details

Name:	00000006.00000000.552454216.0000000005390000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	5390000
Size:	4096

Details

Name:	00000007.00000003.501469214.00000000020D0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	20D0000
Size:	4096

Details

Name:	00000006.00000000.479493082.00000000029F0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	29F0000
Size:	4096

Details

Name:	00000006.00000000.552644893.0000000006E50000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	6E50000
Size:	4096

Details

Name:	00000006.00000000.469872368.0000000002646000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2646000
Size:	155648

Details

Name:	00000006.00000000.469801762.0000000002540000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2540000
Size:	4096

Details

Name:	00000005.00000000.464025166.000000007EFC2000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000006.00000000.468326223.00000000001D7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1D7000
Size:	36864

Details

Name:	00000006.00000000.491714342.00000000081AE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	81AE000
Size:	8192

Details

Name:	00000007.00000002.668266637.0000000001C80000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	1C80000
Size:	3133440

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000004.00000003.465134783.00000000029DD000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	29DD000
Size:	409600

Details

Name:	00000007.00000002.669854680.0000000002E02000.00000004.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	2E02000
Size:	4096

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.487424928.0000000002921000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2921000
Size:	28672

Details

Name:	00000006.00000000.477431291.0000000008320000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8320000
Size:	163840

Details

Name:	00000006.00000000.483365899.0000000006A60000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	6A60000
Size:	8192

Details

Name:	00000006.00000000.549441671.00000000045CB000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45CB000
Size:	12288

Details

Name:	00000006.00000000.548255728.0000000004249000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4249000
Size:	28672

Details

Name:	00000008.00000002.505294949.00000000001AD000.00000004.00000001.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1AD000
Size:	12288

Details

Name:	00000006.00000000.480120479.00000000032A5000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32A5000
Size:	4096

Details

Name:	00000006.00000000.553056612.0000000008355000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8355000
Size:	57344

Details

Name:	00000008.00000000.503756172.0000000000060000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	4096

Details

Name:	00000005.00000000.464000598.0000000000190000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	190000
Size:	16384

Details

Name:	00000006.00000000.545350517.00000000005C0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	5C0000
Size:	73728

Details

Name:	0000000B.00000002.667984219.00000000001B6000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1B6000
Size:	8192

Details

Name:	00000005.00000002.500429198.0000000000010000.00000004.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	00000004.00000002.465569140.0000000000260000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	260000
Size:	8192

Details

Name:	00000004.00000002.467320855.0000000002770000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2770000
Size:	4096

Details

Name:	0000000B.00000002.667973851.000000000010D000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	10D000
Size:	12288

Details

Name:	00000004.00000003.464211993.0000000002B40000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B40000
Size:	4096

Details

Name:	0000000B.00000002.667993313.00000000002B4000.00000004.00000040.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2B4000
Size:	20480

Details

Name:	00000004.00000002.465750182.000000000053F000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	53F000
Size:	40960

Details

Name:	00000006.00000000.480060561.0000000003298000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3298000
Size:	32768

Details

Name:	00000005.00000000.463030964.0000000000437000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	437000
Size:	4096

Details

Name:	00000006.00000000.477213844.0000000006A60000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	6A60000
Size:	8192

Details

Name:	00000006.00000000.491059598.0000000006A50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6A50000
Size:	4096

Details

Name:	00000006.00000000.548160480.00000000041A0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	41A0000
Size:	4096

Details

Name:	00000005.00000000.463024693.0000000000409000.00000008.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page write copy
Base address:	409000
Size:	4096

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.487092165.0000000002550000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2550000
Size:	36864

Details

Name:	00000006.00000000.492867976.000007FFFFFC2000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFC2000
Size:	4096

Details

Name:	00000005.00000000.464527631.000000007EFD0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000007.00000002.670386238.000000007EFE0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFE0000
Size:	20480

Details

Name:	00000006.00000000.485081772.0000000009561000.00000040.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	9561000
Size:	4096

Details

Name:	00000007.00000002.669552369.00000000024E7000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	24E7000
Size:	4096

Details

Name:	00000006.00000000.486828029.00000000020B6000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	20B6000
Size:	57344

Details

Name:	00000006.00000000.552432017.000000000532E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	532E000
Size:	8192

Details

Name:	00000006.00000000.485203102.000007FFFFFB0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFB0000
Size:	4096

Details

Name:	00000007.00000002.670343642.000000007EFD0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000008.00000000.503294914.0000000000060000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	4096

Details

Name:	00000006.00000000.485014042.00000000094E0000.00000040.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	94E0000
Size:	258048

Details

Name:	00000004.00000002.465864898.0000000001D90000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1D90000
Size:	4096

Details

Name:	00000006.00000000.477799649.0000000009323000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	9323000
Size:	237568

Details

Name:	00000006.00000000.469749292.0000000002120000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	2120000
Size:	53248

Details

Name:	00000006.00000000.477910103.00000000095C5000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	95C5000
Size:	4096

Details

Name:	00000008.00000000.503422944.000000007EFC2000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000007.00000002.669683326.0000000002560000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2560000
Size:	12288

Details

Name:	00000006.00000000.486020342.000000000036B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	36B000
Size:	4096

Details

Name:	00000006.00000000.481982778.00000000045D4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45D4000
Size:	4096

Details

Name:	00000007.00000002.669640660.0000000002550000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2550000
Size:	20480

Details

Name:	00000006.00000000.545796208.00000000020B6000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	20B6000
Size:	57344

Details

Name:	00000006.00000000.546069952.0000000002A40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A40000
Size:	4096

Details

Name:	00000006.00000000.552881063.0000000007B4B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7B4B000
Size:	20480

Details

Name:	00000007.00000003.500586329.000000000205D000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	205D000
Size:	409600

Details

Name:	00000005.00000000.464483727.0000000000190000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	190000
Size:	16384

Details

Name:	00000007.00000003.500648902.000000000024C000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	24C000
Size:	24576

Details

Name:	00000006.00000000.492098393.0000000008461000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8461000
Size:	167936

Details

Name:	00000004.00000003.465344245.0000000002BC0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2BC0000
Size:	20480

Details

Name:	00000004.00000002.465528746.0000000000020000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	00000006.00000000.477107266.0000000004DD0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4DD0000
Size:	8192

Details

Name:	00000006.00000000.549450268.00000000045CF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45CF000
Size:	16384

Details

Name:	00000005.00000002.501264188.000000007EFB0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000000.483880545.0000000007D20000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	7D20000
Size:	24576

Details

Name:	00000006.00000000.477416287.0000000007E1E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7E1E000
Size:	8192

Details

Name:	00000006.00000000.479307005.0000000002540000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2540000
Size:	4096

Details

Name:	00000007.00000002.668774408.0000000002350000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2350000
Size:	4096

Details

Name:	00000006.00000000.552627881.0000000006D48000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6D48000
Size:	32768

Details

Name:	00000007.00000002.669769710.0000000002A8A000.00000004.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	2A8A000
Size:	4096

Details

Name:	00000006.00000000.473736946.0000000004650000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4650000
Size:	4001792

Details

Name:	00000005.00000003.465767794.000000000087E000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	87E000
Size:	8192

Details

Name:	00000006.00000000.469767295.00000000021BF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	21BF000
Size:	4096

Details

Name:	00000005.00000002.500561058.00000000004B1000.00000040.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	4B1000
Size:	4096

Details

Name:	00000006.00000000.545188062.0000000000237000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	237000
Size:	16384

Details

Name:	0000000B.00000002.667998762.00000000002BB000.00000004.00000040.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2BB000
Size:	4096

Details

Name:	00000006.00000000.552301755.0000000004D80000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D80000
Size:	8192

Details

Name:	0000000B.00000002.668014141.0000000000307000.00000004.00000020.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	307000
Size:	4096

Details

Name:	00000006.00000000.478768257.0000000001B60000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	1B60000
Size:	8192

Details

Name:	00000004.00000003.459148774.0000000002870000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2870000
Size:	4096

Details

Name:	00000006.00000000.546523493.000000000309E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	309E000
Size:	16384

Details

Name:	00000006.00000000.552921745.0000000007CFE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7CFE000
Size:	8192

Details

Name:	00000006.00000000.478515226.0000000000230000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	230000
Size:	20480

Details

Name:	00000004.00000002.467313574.000000000276F000.00000004.00000010.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	276F000
Size:	4096

Details

Name:	00000004.00000001.458735601.0000000000400000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000006.00000000.489618192.00000000043B0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	43B0000
Size:	4096

Details

Name:	00000006.00000000.491949862.00000000083D0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	83D0000
Size:	49152

Details

Name:	00000007.00000003.501606289.00000000021E0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	21E0000
Size:	368640

Details

Name:	00000006.00000000.487507678.00000000029D0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	29D0000
Size:	4096

Details

Name:	00000004.00000003.464145351.0000000002A50000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A50000
Size:	4096

Details

Name:	00000006.00000000.483333572.0000000006A50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6A50000
Size:	4096

Details

Name:	00000006.00000000.491120203.0000000006BBE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6BBE000
Size:	8192

Details

Name:	00000006.00000000.479397739.0000000002760000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2760000
Size:	8192

Details

Name:	00000006.00000000.485963840.000000000031D000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	31D000
Size:	77824

Details

Name:	00000005.00000002.500455981.0000000000190000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	190000
Size:	16384

Details

Name:	00000006.00000000.546515461.000000000301E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	301E000
Size:	8192

Details

Name:	00000006.00000000.471223899.0000000004513000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4513000
Size:	360448

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.485118235.00000000095C5000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	95C5000
Size:	4096

Details

Name:	00000006.00000000.488572526.00000000030C0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	30C0000
Size:	4096

Details

Name:	00000006.00000000.489589975.0000000004389000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4389000
Size:	28672

Details

Name:	00000006.00000000.545175870.0000000000220000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	220000
Size:	8192

Details

Name:	00000006.00000000.491968890.00000000083DF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	83DF000
Size:	73728

Details

Name:	00000005.00000000.463035499.000000007EFB0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000005.00000000.463568864.000000007EFC0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000000.546624403.0000000003298000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3298000
Size:	32768

Details

Name:	00000007.00000002.668163373.00000000004A0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	4A0000
Size:	20480

Details

Name:	00000006.00000000.484029040.0000000008374000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8374000
Size:	372736

Details

Name:	00000006.00000000.477301742.00000000073BB000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	73BB000
Size:	20480

Details

Name:	00000006.00000000.546584397.00000000030F0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30F0000
Size:	8192

Details

Name:	00000006.00000000.483039335.0000000004DC0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4DC0000
Size:	4096

Details

Name:	00000006.00000000.490885096.0000000004E60000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4E60000
Size:	4096

Details

Name:	00000006.00000000.552411524.0000000005270000.00000020.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute read
Base address:	5270000
Size:	65536

Details

Name:	00000006.00000000.470680182.0000000003D90000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D90000
Size:	421888

Details

Name:	00000006.00000000.468057164.0000000000040000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	40000
Size:	8192

Details

Name:	00000006.00000000.545145122.0000000000110000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	110000
Size:	4096

Details

Name:	00000006.00000000.467841648.0000000000020000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	20000
Size:	8192

Details

Name:	00000007.00000002.670044855.0000000004A1E000.00000004.00000010.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	4A1E000
Size:	8192

Details

Name:	00000006.00000000.552719573.00000000073B9000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	73B9000
Size:	4096

Details

Name:	00000006.00000000.552240989.0000000004D20000.00000040.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	4D20000
Size:	4096

Details

Name:	0000000B.00000002.668112211.000007FFFFFD0000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFD0000
Size:	12288

Details

Name:	00000007.00000003.587233859.00000000001F0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	36864

Details

Name:	00000007.00000003.501648273.0000000002240000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2240000
Size:	20480

Details

Name:	00000006.00000000.470024101.0000000002A40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A40000
Size:	4096

Details

Name:	00000006.00000000.483518664.00000000071C7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	71C7000
Size:	36864

Details

Name:	00000007.00000002.670300226.000000007EFC0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000000.490938351.000000000532E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	532E000
Size:	8192

Details

Name:	00000006.00000000.477408638.0000000007D20000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	7D20000
Size:	24576

Details

Name:	00000006.00000000.481207504.0000000004150000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4150000
Size:	8192

Details

Name:	00000006.00000000.490875614.0000000004E5E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4E5E000
Size:	8192

Details

Name:	00000006.00000000.546664160.00000000032AE000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32AE000
Size:	86016

Details

Name:	00000006.00000000.488625323.0000000003160000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	3160000
Size:	4096

Details

Name:	00000006.00000000.472862187.00000000045D6000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45D6000
Size:	208896

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.545162992.00000000001D7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1D7000
Size:	36864

Details

Name:	00000006.00000000.545878887.0000000002540000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2540000
Size:	4096

Details

Name:	00000006.00000000.553074329.0000000008374000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8374000
Size:	425984

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000006.00000000.552889020.0000000007B50000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	7B50000
Size:	8192

Details

Name:	00000006.00000000.552342871.0000000004E5E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4E5E000
Size:	8192

Details

Name:	00000006.00000000.470571269.0000000003270000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3270000
Size:	28672

Details

Name:	00000008.00000002.505776909.000000007EFD0000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000006.00000000.486168735.0000000001B50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1B50000
Size:	4096

Details

Name:	00000006.00000000.545726050.0000000001FD0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1FD0000
Size:	913408

Details

Name:	00000006.00000000.553004975.0000000008320000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8320000
Size:	163840

Details

Name:	00000006.00000000.468219926.00000000000F0000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	F0000
Size:	8192

Details

Name:	00000006.00000000.546059198.0000000002A20000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A20000
Size:	4096

Details

Name:	00000006.00000000.483794169.00000000079F0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	79F0000
Size:	4096

Details

Name:	00000006.00000000.478761681.0000000001B50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1B50000
Size:	4096

Details

Name:	00000006.00000000.545072441.0000000000010000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	00000006.00000000.491081643.0000000006A5A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6A5A000
Size:	24576

Details

Name:	00000006.00000000.483571617.00000000073B9000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	73B9000
Size:	4096

Details

Name:	0000000B.00000002.667988986.00000000002B0000.00000004.00000040.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2B0000
Size:	4096

Details

Name:	00000006.00000000.549353508.0000000004575000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4575000
Size:	16384

Details

Name:	00000006.00000000.485098617.00000000095C0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	95C0000
Size:	8192

Details

Name:	00000006.00000000.479487147.00000000029E0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	29E0000
Size:	4096

Details

Name:	00000006.00000000.477238129.0000000006D48000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6D48000
Size:	32768

Details

Name:	00000005.00000000.464518987.000000007EFC0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000006.00000000.545424309.0000000001B83000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	1B83000
Size:	81920

Details

Name:	00000006.00000000.484411237.0000000008461000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8461000
Size:	167936

Details

Name:	00000006.00000000.492880097.000007FFFFFD0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFD0000
Size:	12288

Details

Name:	00000005.00000002.500770289.0000000000A70000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	A70000
Size:	12288

Details

Name:	00000006.00000000.479985711.00000000030F0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	30F0000
Size:	8192

Details

Name:	00000006.00000000.487238440.0000000002750000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2750000
Size:	16384

Details

Name:	00000007.00000000.496158772.000000007EFB0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000000.478636835.000000000031D000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	31D000
Size:	77824

Details

Name:	00000006.00000000.479545004.0000000002AE0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2AE0000
Size:	1986560

Details

Name:	00000006.00000000.487475257.000000000295C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	295C000
Size:	49152

Details

Name:	00000004.00000000.458621535.000000007EFC0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC0000
Size:	4096

Details

Name:	00000005.00000002.500775084.0000000000A74000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	A74000
Size:	8192

Details

Name:	00000006.00000000.482102114.000000000460B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	460B000
Size:	282624

Details

Name:	00000005.00000003.466582149.0000000000540000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	540000
Size:	368640

Details

Name:	00000006.00000000.478428390.00000000000D0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	D0000
Size:	28672

Details

Name:	00000005.00000000.463559601.00000000001A0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1A0000
Size:	4096

Details

Name:	00000006.00000000.470621323.00000000032AE000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32AE000
Size:	86016

Details

Name:	00000004.00000003.464611415.00000000029DD000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	29DD000
Size:	409600

Details

Name:	00000006.00000000.477386329.0000000007B50000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	7B50000
Size:	8192

Details

Name:	00000006.00000000.546702570.0000000003D40000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D40000
Size:	4096

Details

Name:	0000000B.00000002.667958832.0000000000060000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	28672

Details

Name:	00000006.00000000.545408893.0000000001B50000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1B50000
Size:	4096

Details

Name:	00000005.00000002.501417299.000000007EFD0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000006.00000000.469736013.0000000002100000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2100000
Size:	8192

Details

Name:	00000006.00000000.468452105.0000000000237000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	237000
Size:	16384

Details

Name:	00000006.00000000.546092274.0000000002A80000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A80000
Size:	4096

Details

Name:	00000006.00000000.469757781.0000000002130000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	2130000
Size:	53248

Details

Name:	00000006.00000000.553133619.00000000083DF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	83DF000
Size:	24576

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000007.00000002.667921190.0000000000010000.00000004.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	00000006.00000000.470101539.0000000002AA0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2AA0000
Size:	4096

Details

Name:	00000004.00000003.465279876.0000000002B54000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B54000
Size:	4096

Details

Name:	00000006.00000000.491369989.00000000074B0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	74B0000
Size:	4096

Details

Name:	00000006.00000000.491637474.0000000007BD0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	7BD0000
Size:	4096

Details

Name:	00000005.00000000.465039913.000000007EFC2000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000006.00000000.483706165.00000000075FE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	75FE000
Size:	8192

Details

Name:	00000006.00000000.483689352.00000000074D3000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	74D3000
Size:	4096

Details

Name:	00000006.00000000.488871987.0000000003D4B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D4B000
Size:	20480

Details

Name:	00000006.00000000.490760060.0000000004C70000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4C70000
Size:	36864

Details

Name:	00000008.00000002.505253647.0000000000020000.00000004.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	20000
Size:	4096

Details

Name:	00000006.00000000.484717890.0000000009260000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	9260000
Size:	262144

Details

Name:	00000004.00000003.465181829.0000000002A50000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A50000
Size:	4096

Details

Name:	00000006.00000000.488719574.00000000032A0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32A0000
Size:	8192

Details

Name:	00000007.00000003.609842496.00000000001F0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	36864

Details

Name:	00000004.00000002.468913964.000000007EFB0000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000000.491002076.00000000069BF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	69BF000
Size:	8192

Details

Name:	00000006.00000000.469954414.00000000029E0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	29E0000
Size:	4096

Details

Name:	00000006.00000000.470492726.000000000301E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	301E000
Size:	8192

Details

Name:	00000005.00000002.500480313.000000000036F000.00000004.00000010.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	36F000
Size:	4096

Details

Name:	00000006.00000000.471033379.00000000041A5000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	41A5000
Size:	45056

Details

Name:	00000006.00000000.549413483.00000000045B4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45B4000
Size:	36864

Details

Name:	00000004.00000002.465707428.00000000004F0000.00000004.00000020.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4F0000
Size:	16384

Details

Name:	00000006.00000000.467826474.0000000000010000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	10000
Size:	4096

Details

Name:	00000006.00000000.483549357.000000000729A000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	729A000
Size:	24576

Details

Name:	00000006.00000000.485719906.0000000000237000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	237000
Size:	16384

Details

Name:	00000006.00000000.477963926.000007FFFFFD0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFD0000
Size:	12288

Details

Name:	00000006.00000000.471972666.00000000045B4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45B4000
Size:	36864

Details

Name:	00000006.00000000.477564252.000000000840B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	840B000
Size:	90112

Details

Name:	00000006.00000000.468243911.0000000000110000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	110000
Size:	4096

Details

Name:	00000005.00000003.466461493.0000000000440000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	440000
Size:	876544

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000006.00000000.471016974.0000000004160000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4160000
Size:	4096

Details

Name:	00000004.00000003.465186575.0000000002A60000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2A60000
Size:	876544

Details

Name:	00000005.00000002.500606515.000000000080F000.00000004.00000010.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	80F000
Size:	4096

Details

Name:	00000006.00000000.481749924.000000000456F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	456F000
Size:	20480

Details

Name:	00000005.00000000.463574559.000000007EFD0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFD0000
Size:	12288

Details

Name:	00000006.00000000.483585894.00000000073BB000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	73BB000
Size:	20480

Details

Name:	00000006.00000000.480214877.0000000003CC0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	3CC0000
Size:	8192

Details

Name:	00000008.00000002.505261184.0000000000030000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	30000
Size:	28672

Details

Name:	00000006.00000000.482168384.0000000004650000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4650000
Size:	4001792

Details

Name:	00000008.00000002.505377532.0000000000870000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	870000
Size:	73728

Details

Name:	00000006.00000000.545818342.0000000002110000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	2110000
Size:	53248

Details

Name:	00000006.00000000.545308523.000000000034E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	34E000
Size:	114688

Details

Name:	00000006.00000000.485646069.0000000000140000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	140000
Size:	8192

Details

Name:	00000006.00000000.485621575.00000000000F0000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	F0000
Size:	8192

Details

Name:	00000006.00000000.491198581.000000000714E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	714E000
Size:	8192

Details

Name:	00000006.00000000.469203893.0000000001B60000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	1B60000
Size:	8192

Details

Name:	00000006.00000000.484311422.0000000008424000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8424000
Size:	8192

Details

Name:	00000004.00000003.464266530.0000000002BC0000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2BC0000
Size:	20480

Details

Name:	00000008.00000002.505278763.0000000000060000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	60000
Size:	4096

Details

Name:	00000005.00000002.500602290.000000000070F000.00000004.00000010.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	70F000
Size:	4096

Details

Name:	00000006.00000000.478476549.0000000000140000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	140000
Size:	8192

Details

Name:	00000006.00000000.490822643.0000000004D50000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D50000
Size:	8192

Details

Name:	0000000B.00000002.667979070.0000000000180000.00000004.00000001.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	180000
Size:	4096

Details

Name:	00000006.00000000.488841030.0000000003CC0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	3CC0000
Size:	8192

Details

Name:	00000006.00000000.480193813.0000000003CA0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3CA0000
Size:	4096

Details

Name:	00000007.00000002.668170178.0000000000620000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	620000
Size:	12288

Details

Name:	00000004.00000002.465786398.0000000000780000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	780000
Size:	73728

Details

Name:	00000006.00000000.491469796.000000000782F000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	782F000
Size:	8192

Details

Name:	00000005.00000000.463562896.000000007EFB0000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000000.490079081.00000000045D6000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	45D6000
Size:	208896

Details

Name:	00000006.00000000.477080140.0000000004D80000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D80000
Size:	8192

Details

Name:	00000006.00000000.483386886.0000000006BBE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6BBE000
Size:	8192

Details

Name:	00000007.00000003.663530023.00000000001F0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	36864

Details

Name:	00000004.00000000.458602137.0000000000409000.00000008.00020000.sdmp
TargetID:	4
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page write copy
Base address:	409000
Size:	4096

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000005.00000003.465754661.000000000087F000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	87F000
Size:	45056

Details

Name:	00000006.00000000.553035054.000000000834B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	834B000
Size:	8192

Details

Name:	00000006.00000000.470668793.0000000003D4B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D4B000
Size:	20480

Details

Name:	00000006.00000000.492738833.00000000095C0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	95C0000
Size:	8192

Details

Name:	00000006.00000000.487072769.0000000002540000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2540000
Size:	4096

Details

Name:	00000006.00000000.490842716.0000000004D80000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D80000
Size:	8192

Details

Name:	00000006.00000000.545846608.00000000021BF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	21BF000
Size:	4096

Details

Name:	00000006.00000000.477084662.0000000004DB1000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	4DB1000
Size:	45056

Details

Name:	00000006.00000000.491389265.00000000074B4000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	74B4000
Size:	4096

Details

Name:	00000006.00000000.477178301.0000000005410000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	5410000
Size:	4096

Details

Name:	00000006.00000000.483395614.0000000006C59000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6C59000
Size:	28672

Details

Name:	00000006.00000000.479531957.0000000002A80000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A80000
Size:	4096

Details

Name:	00000005.00000002.500693233.0000000000980000.00000040.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	980000
Size:	876544

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000004.00000002.465596006.0000000000376000.00000004.00000040.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	376000
Size:	12288

Details

Name:	00000006.00000000.470280517.0000000002CC7000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2CC7000
Size:	2043904

Details

Name:	00000006.00000000.483120611.0000000004E60000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4E60000
Size:	4096

Details

Name:	00000006.00000000.477706938.0000000009222000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	9222000
Size:	245760

Details

Name:	00000006.00000000.469968693.00000000029F0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	29F0000
Size:	4096

Details

Name:	00000005.00000002.500634195.0000000000877000.00000004.00000020.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	877000
Size:	4096

Details

Name:	00000006.00000000.479443296.00000000027E0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	27E0000
Size:	4096

Details

Name:	00000006.00000000.487554669.00000000029F0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	29F0000
Size:	4096

Details

Name:	00000004.00000003.464224303.0000000002B60000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B60000
Size:	368640

Details

Name:	00000006.00000000.485667353.00000000001D7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1D7000
Size:	36864

Details

Name:	00000004.00000002.466357992.000000000227E000.00000004.00000010.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	227E000
Size:	8192

Details

Name:	00000006.00000000.546103757.0000000002AA0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2AA0000
Size:	4096

Details

Name:	00000007.00000002.668527759.0000000002190000.00000040.00000001.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2190000
Size:	57344

Details

Name:	00000008.00000000.504165416.000000007EFC2000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000006.00000000.483228073.0000000005360000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	5360000
Size:	12288

Details

Name:	00000006.00000000.489512376.0000000004160000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4160000
Size:	4096

Details

Name:	00000006.00000000.546012468.0000000002970000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2970000
Size:	172032

Details

Name:	00000006.00000000.477061777.0000000004D50000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D50000
Size:	8192

Details

Name:	00000006.00000000.470633465.0000000003C90000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	3C90000
Size:	12288

Details

Name:	00000006.00000000.469862030.000000000263C000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	263C000
Size:	36864

Details

Name:	00000006.00000000.552597385.0000000006C59000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	6C59000
Size:	28672

Details

Name:	00000005.00000002.500567177.000000000060F000.00000004.00000010.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	60F000
Size:	4096

Details

Name:	00000004.00000002.465769917.0000000000770000.00000002.00020000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	770000
Size:	12288

Details

Name:	00000006.00000000.492055913.0000000008428000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8428000
Size:	167936

Details

Name:	00000006.00000000.545327691.0000000000371000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	371000
Size:	61440

Details

Name:	00000007.00000002.670280480.000000007EFB2000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Details

Name:	00000006.00000000.492256791.00000000091E3000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	91E3000
Size:	237568

Details

Name:	00000006.00000000.546109696.0000000002AE0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2AE0000
Size:	1986560

Details

Name:	00000006.00000000.486980410.00000000021BF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	21BF000
Size:	4096

Details

Name:	00000006.00000000.477029787.0000000004B9D000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4B9D000
Size:	12288

Details

Name:	00000006.00000000.478491251.00000000001D7000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1D7000
Size:	36864

Details

Name:	00000006.00000000.545836472.0000000002130000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	2130000
Size:	53248

Details

Name:	00000007.00000002.668231157.0000000000870000.00000004.00000040.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	870000
Size:	12288

Details

Name:	00000006.00000000.490859066.0000000004DC0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4DC0000
Size:	4096

Details

Name:	00000006.00000000.545294698.000000000031D000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	31D000
Size:	77824

Details

Name:	00000006.00000000.546591463.0000000003160000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	3160000
Size:	4096

Details

Name:	00000007.00000000.499993080.0000000000050000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	00000006.00000000.477464588.0000000008374000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8374000
Size:	372736

Details

Name:	0000000B.00000002.668106961.000007FFFFFC2000.00000002.00020000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFFFFC2000
Size:	4096

Details

Name:	00000006.00000000.479505907.0000000002A20000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A20000
Size:	4096

Details

Name:	00000006.00000000.491998285.00000000083F8000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	83F8000
Size:	16384

Details

Name:	00000006.00000000.480267470.0000000003D90000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3D90000
Size:	421888

Details

Name:	00000006.00000000.478600986.00000000002C7000.00000004.00000020.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap default
Protect:	page read and write
Base address:	2C7000
Size:	344064

Details

Name:	00000006.00000000.482784572.0000000004BB0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4BB0000
Size:	4096

Details

Name:	00000006.00000000.469780840.0000000002500000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	2500000
Size:	8192

Details

Name:	00000008.00000002.505346220.00000000005E0000.00000004.00000020.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5E0000
Size:	16384

Details

Name:	00000006.00000000.477128966.0000000004E60000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4E60000
Size:	4096

Details

Name:	00000006.00000000.488642926.00000000031FF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	31FF000
Size:	4096

Details

Name:	00000008.00000000.503272209.0000000000050000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	50000
Size:	16384

Details

Name:	00000006.00000000.490733686.0000000004B00000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4B00000
Size:	8192

Details

Name:	00000005.00000000.463045374.000000007EFC2000.00000002.00020000.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFC2000
Size:	4096

Details

Name:	00000006.00000000.545139213.00000000000F0000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	F0000
Size:	8192

Details

Name:	00000006.00000000.484156407.00000000083D0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	83D0000
Size:	49152

Details

Name:	00000006.00000000.486231341.0000000001BE0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	1BE0000
Size:	4112384

Details

Name:	00000006.00000000.491589834.0000000007B4B000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7B4B000
Size:	20480

Details

Name:	00000006.00000000.479522708.0000000002A60000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2A60000
Size:	4096

Details

Name:	00000007.00000000.500000505.000000007EFB0000.00000002.00020000.sdmp
TargetID:	7
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB0000
Size:	4096

Details

Name:	00000006.00000000.552780270.00000000074B0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	74B0000
Size:	4096

Details

Name:	00000006.00000000.483020060.0000000004DB1000.00000004.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page read and write
Base address:	4DB1000
Size:	45056

Details

Name:	00000006.00000000.545156446.00000000001CE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1CE000
Size:	12288

Details

Name:	00000006.00000000.482948849.0000000004D50000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	4D50000
Size:	8192

Details

Name:	00000004.00000003.463151263.00000000029DA000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	29DA000
Size:	4096

Details

Name:	00000006.00000000.483906242.00000000081AE000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	81AE000
Size:	8192

Details

Name:	00000006.00000000.546633260.00000000032A0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32A0000
Size:	8192

Details

Name:	00000006.00000000.471304106.0000000004593000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4593000
Size:	49152

Details

Name:	00000006.00000000.482697900.0000000004AC0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4AC0000
Size:	4096

Details

Name:	00000006.00000000.483291835.00000000069BF000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	69BF000
Size:	8192

Details

Name:	00000005.00000003.465683557.000000000030D000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	30D000
Size:	409600

Details

Name:	00000006.00000000.469771977.00000000024F0000.00000002.00020000.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	24F0000
Size:	8192

Details

Name:	00000006.00000000.479540326.0000000002AA0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2AA0000
Size:	4096

Details

Name:	00000004.00000003.459133174.0000000002870000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2870000
Size:	4096

Details

Name:	00000006.00000000.471052812.0000000004249000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	4249000
Size:	28672

Details

Name:	00000006.00000000.470594339.0000000003298000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	3298000
Size:	32768

Details

Name:	00000006.00000000.484785076.00000000092A4000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	92A4000
Size:	454656

Details

Name:	00000007.00000003.501577561.00000000021C0000.00000004.00000001.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	21C0000
Size:	4096

Details

Name:	00000006.00000000.488765683.00000000032AE000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	32AE000
Size:	86016

Details

Name:	00000004.00000003.463746631.0000000002B51000.00000004.00000001.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2B51000
Size:	4096

Details

Name:	00000006.00000000.481336776.00000000041A0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	41A0000
Size:	4096

Details

Name:	00000006.00000000.469919761.00000000027E0000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	27E0000
Size:	4096

Details

Name:	00000006.00000000.491697033.0000000007E1E000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	7E1E000
Size:	8192

Details

Name:	00000006.00000000.477174281.0000000005390000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	5390000
Size:	4096

Details

Name:	00000006.00000000.478646910.0000000000330000.00000004.00000001.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	330000
Size:	4096

Details

Name:	00000006.00000000.552175062.0000000004BB0000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	4BB0000
Size:	4096

Details

Name:	00000006.00000000.545127977.00000000000E4000.00000004.00000040.sdmp
TargetID:	6
Dumpstage:	process new
Regiontype:	heap private
Protect:	page read and write
Base address:	E4000
Size:	49152

Details

Name:	00000008.00000000.503364453.000000007EFB2000.00000002.00020000.sdmp
TargetID:	8
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7EFB2000
Size:	4096

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

Domains

IPs

Registry

Memdumps