Automated Malware Analysis IOC Report for

Details

Name:	0000000A.00000002.2110804332.0000000002CA0000.00000040.80000000.00040000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	system
Protect:	page execute and read and write
Base address:	2CA0000
Size:	278528

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality

Details

Name:	00000009.00000002.2113082750.0000000004F80000.00000040.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	4F80000
Size:	1708032

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality

Details

Name:	0000000A.00000002.2112513266.0000000004930000.00000004.00000800.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	4930000
Size:	278528

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality

Details

Name:	00000000.00000002.1357255584.00000000030F0000.00000040.10000000.00040000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page execute and read and write
Base address:	30F0000
Size:	1708032

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality

Details

Name:	0000000A.00000002.2112607826.0000000004980000.00000004.00000800.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	4980000
Size:	278528

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality

Details

Name:	00000000.00000002.1356628507.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	AA1000
Size:	286720

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality

Details

Name:	00000000.00000002.1357208647.00000000011C0000.00000040.10000000.00040000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page execute and read and write
Base address:	11C0000
Size:	278528

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality

Details

Name:	0000000B.00000002.2112450897.0000000000C10000.00000040.80000000.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	system
Protect:	page execute and read and write
Base address:	C10000
Size:	372736

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality

Details

Name:	0000000A.00000002.2115608834.0000000007D84000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D84000
Size:	12288

Details

Name:	00000009.00000002.2113082750.0000000003180000.00000040.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	3180000
Size:	10485760

Details

Name:	0000000A.00000002.2115608834.0000000007CCF000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7CCF000
Size:	8192

Details

Name:	0000000B.00000000.1430887422.0000000000900000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	900000
Size:	4096

Details

Name:	00000009.00000002.2111138231.0000000000F60000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	F60000
Size:	4096

Details

Name:	0000000A.00000003.1357199286.0000000002F5A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2F5A000
Size:	4096

Details

Name:	0000000C.00000002.1653144850.000001FD27F50000.00000004.00000020.00040000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1FD27F50000
Size:	4096

Details

Name:	0000000A.00000003.1535612989.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000009.00000002.2112567619.0000000002E40000.00000004.00000001.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2E40000
Size:	4096

Details

Name:	0000000A.00000002.2111184637.000000000302A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	302A000
Size:	86016

Signature Hits	Behavior Group	Mitre Attack
SQL strings found in memory and binary data	System Summary

Details

Name:	0000000B.00000000.1431026219.0000000001200000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	1200000
Size:	319488

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	0000000A.00000003.1537267030.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000C.00000003.1609388502.000001FD27F9B000.00000004.00000020.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	1FD27F9B000
Size:	8192

Details

Name:	0000000B.00000002.2112450897.0000000000C6E000.00000040.80000000.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	system
Protect:	page execute and read and write
Base address:	C6E000
Size:	4096

Details

Name:	0000000B.00000002.2111242948.00000000008A1000.00000020.00000001.01000000.00000007.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute read
Base address:	8A1000
Size:	57344

Details

Name:	00000000.00000002.1357255584.0000000001CF0000.00000040.10000000.00040000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page execute and read and write
Base address:	1CF0000
Size:	10485760

Details

Name:	0000000A.00000003.1539435456.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1539735369.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000002.2117085060.00000000082BF000.00000004.00000010.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	82BF000
Size:	4096

Details

Name:	0000000B.00000002.2110532365.00000000006F0000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	6F0000
Size:	4096

Details

Name:	0000000A.00000003.1536344620.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000C.00000002.1652994441.0000000B2F5FE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	B2F5FE000
Size:	8192

Details

Name:	0000000A.00000002.2110551065.0000000002C3B000.00000004.00000010.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	2C3B000
Size:	20480

Details

Name:	0000000A.00000003.1534181917.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000B.00000000.1430776033.000000000087C000.00000004.00000010.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	stack
Protect:	page read and write
Base address:	87C000
Size:	16384

Details

Name:	0000000A.00000003.1536958029.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000009.00000002.2112377284.0000000001891000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	1891000
Size:	12288

Details

Name:	0000000B.00000000.1430749367.0000000000710000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	710000
Size:	4096

Details

Name:	0000000A.00000003.1540387553.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1537877459.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000002.2116100382.000000000539F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	539F000
Size:	4096

Details

Name:	0000000A.00000002.2112402332.0000000003160000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	3160000
Size:	16384

Details

Name:	0000000A.00000003.1546979174.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000000.00000003.1284699283.0000000000854000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	854000
Size:	4096

Details

Name:	0000000A.00000003.1538184703.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000000.00000003.1262603270.00000000009BE000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9BE000
Size:	24576

Details

Name:	0000000A.00000003.1539500802.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000009.00000000.1280012126.0000000001460000.00000004.00000001.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	1460000
Size:	4096

Details

Name:	0000000B.00000000.1431009389.0000000000E70000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	E70000
Size:	32768

Details

Name:	00000009.00000000.1278920480.00000000008AF000.00000002.00000001.01000000.00000007.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	8AF000
Size:	28672

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	0000000A.00000003.1534523250.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1537055101.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1539997762.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000B.00000002.2112450897.0000000000C95000.00000040.80000000.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	system
Protect:	page execute and read and write
Base address:	C95000
Size:	4096

Details

Name:	0000000A.00000003.1535931557.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1380366691.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	217088

Details

Name:	00000009.00000000.1280520223.0000000002FA0000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	2FA0000
Size:	16384

Details

Name:	0000000A.00000003.1535282339.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1538602743.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000000.00000003.1262695768.00000000009B9000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9B9000
Size:	4096

Details

Name:	00000000.00000003.1265077464.0000000000854000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	854000
Size:	4096

Details

Name:	00000009.00000000.1280260932.000000000168F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	stack
Protect:	page read and write
Base address:	168F000
Size:	4096

Details

Name:	00000000.00000003.1356383526.00000000009BC000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9BC000
Size:	4096

Details

Name:	0000000A.00000003.1538667623.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1534911083.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000009.00000002.2113082750.0000000005137000.00000040.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	5137000
Size:	4096

Details

Name:	0000000A.00000003.1537197295.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000002.2115608834.0000000007CD2000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7CD2000
Size:	4096

Details

Name:	00000009.00000000.1279849187.0000000001430000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	1430000
Size:	4096

Details

Name:	0000000A.00000003.1536063206.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000009.00000002.2113082750.0000000004580000.00000040.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	4580000
Size:	10485760

Details

Name:	0000000B.00000002.2112079218.0000000000910000.00000004.00000020.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	910000
Size:	4096

Details

Name:	0000000A.00000002.2115608834.0000000007D10000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D10000
Size:	8192

Details

Name:	00000000.00000002.1356751237.0000000000E70000.00000040.00001000.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	E70000
Size:	1208320

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	0000000A.00000003.1535662912.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000C.00000003.1603085274.000001FD29870000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29870000
Size:	4096

Details

Name:	0000000A.00000003.1536264974.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000000.00000002.1356554180.000000000096E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	96E000
Size:	8192

Details

Name:	00000000.00000003.1284523079.0000000000854000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	854000
Size:	4096

Details

Name:	0000000A.00000003.1536124326.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000002.2115608834.0000000007D7B000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D7B000
Size:	8192

Details

Name:	0000000B.00000002.2114282482.0000000002B8C000.00000004.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2B8C000
Size:	339968

Details

Name:	0000000A.00000003.1544750307.0000000007D2F000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	7D2F000
Size:	4096

Details

Name:	0000000A.00000003.1540262640.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	7CC1000
Size:	4096

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	0000000A.00000003.1380709238.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000002.2113840032.0000000002794000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2794000
Size:	4096

Details

Name:	00000000.00000002.1356523535.000000000083E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	83E000
Size:	8192

Details

Name:	0000000A.00000003.1534291881.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000009.00000002.2112617099.0000000002FA0000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2FA0000
Size:	16384

Details

Name:	0000000A.00000003.1535753305.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1357136507.0000000002F5B000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2F5B000
Size:	20480

Details

Name:	00000009.00000000.1279465216.000000000133A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	133A000
Size:	8192

Details

Name:	0000000A.00000003.1537487800.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1535878451.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1533027315.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000002.2117132166.00000000082FE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	82FE000
Size:	8192

Details

Name:	0000000A.00000003.1539669745.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000009.00000002.2111605719.0000000001320000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	1320000
Size:	4096

Details

Name:	0000000A.00000003.1535466828.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1534836312.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000009.00000002.2112668276.0000000002FB0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2FB0000
Size:	8192

Details

Name:	0000000A.00000003.1536515940.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000C.00000002.1653046434.000001FD27EB6000.00000040.80000000.00040000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	system
Protect:	page execute and read and write
Base address:	1FD27EB6000
Size:	4096

Details

Name:	0000000A.00000003.1534397084.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1357117944.0000000002F56000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2F56000
Size:	36864

Details

Name:	00000000.00000003.1262549403.00000000009B3000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9B3000
Size:	28672

Details

Name:	00000000.00000002.1357255584.00000000032A7000.00000040.10000000.00040000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page execute and read and write
Base address:	32A7000
Size:	4096

Details

Name:	0000000A.00000003.1539769211.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000002.2115608834.0000000007D57000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D57000
Size:	12288

Details

Name:	0000000A.00000003.1356722753.0000000004A41000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	4A41000
Size:	512000

Details

Name:	0000000B.00000002.2113723171.0000000002760000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2760000
Size:	16384

Details

Name:	0000000A.00000003.1536172189.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000009.00000002.2112184988.0000000001450000.00000004.00000020.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1450000
Size:	4096

Details

Name:	0000000A.00000003.1535385695.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000002.2113061079.0000000004DAD000.00000040.00001000.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	4DAD000
Size:	458752

Details

Name:	0000000A.00000003.1547110013.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1364408642.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000002.2115608834.0000000007D72000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D72000
Size:	16384

Details

Name:	00000009.00000000.1279917843.0000000001450000.00000004.00000020.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	1450000
Size:	4096

Details

Name:	0000000A.00000002.2112779812.0000000004A80000.00000040.00000800.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page execute and read and write
Base address:	4A80000
Size:	94208

Details

Name:	00000009.00000003.1295593337.0000000001355000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	1355000
Size:	81920

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	0000000C.00000002.1653270882.000001FD29A00000.00000004.00000020.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1FD29A00000
Size:	12288

Details

Name:	0000000A.00000002.2115608834.0000000007D91000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D91000
Size:	4096

Details

Name:	0000000C.00000002.1651586197.0000000027DC2000.00000004.80000000.00040000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	system
Protect:	page read and write
Base address:	27DC2000
Size:	4096

Details

Name:	0000000A.00000002.2110717661.0000000002C78000.00000004.00000010.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	2C78000
Size:	32768

Details

Name:	00000000.00000002.1356569818.00000000009A0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	9A0000
Size:	32768

Details

Name:	0000000A.00000003.1535808672.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000002.2114282482.0000000002F74000.00000004.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2F74000
Size:	8192

Details

Name:	00000009.00000000.1280465944.0000000002E9E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	stack
Protect:	page read and write
Base address:	2E9E000
Size:	8192

Details

Name:	0000000A.00000003.1359052681.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	65536

Details

Name:	0000000A.00000003.1535216311.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000002.2115608834.0000000007CF1000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7CF1000
Size:	8192

Details

Name:	00000009.00000000.1280369354.0000000001891000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	1891000
Size:	12288

Details

Name:	0000000A.00000003.1357156803.0000000002F65000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2F65000
Size:	20480

Details

Name:	00000000.00000000.860375724.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	AA0000
Size:	4096

Details

Name:	00000000.00000002.1357239770.00000000012E0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	12E0000
Size:	8192

Details

Name:	0000000B.00000002.2115929427.000000000515E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	515E000
Size:	8192

Details

Name:	00000009.00000002.2112122846.0000000001440000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	1440000
Size:	4096

Details

Name:	0000000A.00000003.1358875567.0000000004BF4000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	4BF4000
Size:	4096

Details

Name:	0000000A.00000003.1534363993.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000009.00000000.1280848260.0000000003174000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	3174000
Size:	4096

Details

Name:	00000000.00000003.1276216602.00000000011C0000.00000004.00001000.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	direct allocation
Protect:	page read and write
Base address:	11C0000
Size:	163840

Details

Name:	0000000B.00000002.2113243777.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	DA7000
Size:	20480

Details

Name:	00000009.00000000.1279016142.00000000008B9000.00000002.00000001.01000000.00000007.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	8B9000
Size:	61440

Details

Name:	0000000C.00000002.1653326467.000001FD29C0A000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29C0A000
Size:	4096

Details

Name:	0000000A.00000002.2113999376.00000000050EC000.00000004.10000000.00040000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page read and write
Base address:	50EC000
Size:	4096

Details

Name:	0000000A.00000003.1377612251.0000000004B30000.00000004.00000800.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	4B30000
Size:	159744

Details

Name:	0000000B.00000002.2110983578.000000000087C000.00000004.00000010.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	87C000
Size:	16384

Details

Name:	00000000.00000003.1265036903.0000000000B01000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	B01000
Size:	65536

Details

Name:	00000000.00000003.1262354489.0000000000C25000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	C25000
Size:	512000

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary

Details

Name:	00000000.00000003.1264456359.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	DE6000
Size:	4096

Details

Name:	0000000A.00000003.1534113929.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1537571717.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1538852691.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000002.2111184637.000000000300D000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	300D000
Size:	12288

Details

Name:	0000000B.00000002.2110797628.0000000000710000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	710000
Size:	4096

Details

Name:	00000000.00000003.1262695768.00000000009BE000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9BE000
Size:	24576

Details

Name:	0000000A.00000003.1547012054.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000002.2113642796.0000000001201000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	1201000
Size:	315392

Details

Name:	0000000A.00000002.2117192196.000000000833F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	833F000
Size:	4096

Details

Name:	00000009.00000002.2111004730.00000000008B9000.00000002.00000001.01000000.00000007.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	8B9000
Size:	61440

Details

Name:	0000000A.00000002.2111184637.0000000002FFA000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2FFA000
Size:	4096

Details

Name:	0000000B.00000000.1430860301.00000000008E0000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	8E0000
Size:	4096

Details

Name:	0000000A.00000002.2113061079.0000000004F4D000.00000040.00001000.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	4F4D000
Size:	4096

Details

Name:	0000000B.00000002.2113840032.0000000002790000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2790000
Size:	8192

Details

Name:	0000000A.00000003.1536017845.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1364333889.0000000002E74000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2E74000
Size:	4096

Details

Name:	0000000A.00000003.1432739676.0000000004B30000.00000004.00000800.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	4B30000
Size:	159744

Details

Name:	0000000A.00000003.1534050544.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000009.00000000.1279465216.000000000133E000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	133E000
Size:	94208

Details

Name:	0000000B.00000002.2115742264.0000000004FC0000.00000004.00000001.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	4FC0000
Size:	4096

Details

Name:	0000000A.00000002.2111184637.0000000002F40000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2F40000
Size:	24576

Details

Name:	0000000A.00000003.1538913607.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000009.00000000.1278974498.00000000008B6000.00000004.00000001.01000000.00000007.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8B6000
Size:	8192

Details

Name:	0000000B.00000000.1430815975.00000000008AF000.00000002.00000001.01000000.00000007.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	8AF000
Size:	28672

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	0000000A.00000002.2115608834.0000000007D52000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D52000
Size:	12288

Details

Name:	0000000B.00000002.2112450897.0000000000C86000.00000040.80000000.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	system
Protect:	page execute and read and write
Base address:	C86000
Size:	4096

Details

Name:	0000000A.00000003.1374311697.0000000004B30000.00000004.00000800.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	4B30000
Size:	159744

Details

Name:	00000000.00000003.1262644957.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9C4000
Size:	20480

Details

Name:	0000000A.00000003.1364299853.0000000002E74000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2E74000
Size:	4096

Details

Name:	0000000A.00000003.1539567324.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000B.00000002.2113243777.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	DA3000
Size:	12288

Details

Name:	0000000C.00000002.1652924817.0000000B2DDFD000.00000004.00000010.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	B2DDFD000
Size:	12288

Details

Name:	0000000A.00000003.1357169669.0000000002F54000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2F54000
Size:	28672

Details

Name:	00000009.00000002.2111364595.0000000000F80000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	F80000
Size:	4096

Details

Name:	00000000.00000003.1262659110.00000000009B3000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9B3000
Size:	28672

Details

Name:	0000000A.00000003.1546911281.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000009.00000000.1280498603.0000000002F9F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	stack
Protect:	page read and write
Base address:	2F9F000
Size:	4096

Details

Name:	0000000A.00000002.2111184637.0000000002FB7000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2FB7000
Size:	143360

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	0000000A.00000003.1537009040.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1538225422.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000000.00000003.1264456359.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	E5B000
Size:	24576

Details

Name:	0000000A.00000003.1535351888.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1536759374.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000009.00000000.1280393616.0000000001A30000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	1A30000
Size:	319488

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	0000000A.00000003.1547075024.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000C.00000002.1653164876.000001FD27F8C000.00000004.00000020.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1FD27F8C000
Size:	45056

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	00000009.00000000.1279084196.0000000000F70000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	F70000
Size:	4096

Details

Name:	00000000.00000002.1356751237.00000000011B2000.00000040.00001000.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	11B2000
Size:	40960

Details

Name:	0000000B.00000002.2113243777.0000000000D7A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	D7A000
Size:	8192

Details

Name:	00000000.00000002.1356475577.000000000078B000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	78B000
Size:	20480

Details

Name:	0000000A.00000003.1539067757.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000B.00000000.1430963366.0000000000D7E000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	D7E000
Size:	90112

Details

Name:	0000000A.00000003.1540120408.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000009.00000002.2113082750.000000000519F000.00000040.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	519F000
Size:	7401472

Details

Name:	00000009.00000002.2112045815.0000000001430000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	1430000
Size:	4096

Details

Name:	0000000A.00000003.1534702395.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000000.00000003.1262528068.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9C4000
Size:	20480

Details

Name:	0000000B.00000000.1430963366.0000000000D7A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	D7A000
Size:	8192

Details

Name:	00000009.00000000.1279397727.0000000001320000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	1320000
Size:	4096

Details

Name:	0000000B.00000002.2113144827.0000000000D51000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	D51000
Size:	12288

Details

Name:	0000000A.00000002.2111184637.0000000002F56000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2F56000
Size:	360448

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	0000000A.00000003.1536849795.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000000.00000002.1356538376.0000000000850000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	850000
Size:	16384

Details

Name:	0000000A.00000003.1536898451.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000009.00000002.2112975622.0000000003174000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	3174000
Size:	4096

Details

Name:	0000000A.00000003.1538287631.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1535162301.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000009.00000002.2111691251.0000000001330000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1330000
Size:	32768

Details

Name:	0000000A.00000003.1536307446.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000C.00000002.1653326467.000001FD29C21000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29C21000
Size:	4096

Details

Name:	0000000B.00000002.2112187395.00000000009F0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	9F0000
Size:	16384

Details

Name:	0000000A.00000003.1536678031.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000000.1431115374.00000000027B0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	27B0000
Size:	8192

Details

Name:	0000000A.00000003.1534763344.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000000.00000002.1356673045.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	B00000
Size:	4096

Details

Name:	0000000B.00000002.2114282482.0000000003106000.00000004.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3106000
Size:	8192

Details

Name:	0000000A.00000003.1536475329.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000000.00000003.1269441739.0000000000800000.00000004.00001000.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	direct allocation
Protect:	page read and write
Base address:	800000
Size:	159744

Details

Name:	0000000A.00000002.2113002196.0000000004C70000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	4C70000
Size:	4096

Details

Name:	0000000B.00000002.2113770837.0000000002780000.00000004.00000001.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2780000
Size:	4096

Details

Name:	0000000A.00000003.1535044172.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000000.00000002.1356509388.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7F0000
Size:	4096

Details

Name:	0000000A.00000003.1536444884.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000002.2111135401.00000000008A0000.00000002.00000001.01000000.00000007.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	8A0000
Size:	4096

Details

Name:	00000000.00000002.1356686818.0000000000CFE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	CFE000
Size:	8192

Details

Name:	0000000A.00000003.1539468288.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000009.00000002.2112269393.0000000001470000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1470000
Size:	20480

Details

Name:	0000000A.00000003.1540046505.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1538542652.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000002.2111755593.00000000008E0000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	8E0000
Size:	4096

Details

Name:	0000000B.00000002.2115988709.000000000525F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	525F000
Size:	4096

Details

Name:	0000000A.00000003.1357050180.0000000002F5A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2F5A000
Size:	4096

Details

Name:	00000000.00000003.1262354489.0000000000B02000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	B02000
Size:	1187840

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	0000000B.00000002.2112450897.0000000000C6C000.00000040.80000000.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	system
Protect:	page execute and read and write
Base address:	C6C000
Size:	4096

Details

Name:	0000000A.00000003.1356983443.0000000002F65000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2F65000
Size:	20480

Details

Name:	0000000B.00000002.2111366619.00000000008AF000.00000002.00000001.01000000.00000007.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	8AF000
Size:	28672

Details

Name:	0000000B.00000000.1430800871.00000000008A1000.00000020.00000001.01000000.00000007.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute read
Base address:	8A1000
Size:	57344

Details

Name:	0000000A.00000003.1535317716.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000000.1430873439.00000000008F0000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	8F0000
Size:	4096

Details

Name:	00000009.00000000.1280671857.00000000030C0000.00000004.00000001.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	30C0000
Size:	4096

Details

Name:	0000000A.00000003.1538958082.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1358875567.0000000004ACB000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	4ACB000
Size:	1196032

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	0000000A.00000003.1544750307.0000000007D17000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	7D17000
Size:	8192

Details

Name:	0000000A.00000003.1537685270.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1536414745.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1539802710.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000002.2115608834.0000000007D27000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D27000
Size:	8192

Details

Name:	0000000A.00000002.2113999376.0000000005826000.00000004.10000000.00040000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page read and write
Base address:	5826000
Size:	8192

Details

Name:	0000000A.00000003.1539365767.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000B.00000002.2110887955.000000000077A000.00000004.00000010.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	77A000
Size:	24576

Details

Name:	00000000.00000003.1262576461.00000000009BE000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9BE000
Size:	24576

Details

Name:	00000009.00000000.1280332679.0000000001690000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	1690000
Size:	32768

Details

Name:	0000000A.00000003.1537794823.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000000.00000002.1356751237.0000000000F99000.00000040.00001000.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	F99000
Size:	4096

Details

Name:	0000000B.00000002.2113554939.0000000000E70000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	E70000
Size:	32768

Details

Name:	0000000C.00000003.1609298187.000001FD29DBE000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29DBE000
Size:	12288

Details

Name:	0000000B.00000000.1430963366.0000000000D70000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	D70000
Size:	32768

Details

Name:	0000000A.00000003.1534081122.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1534608159.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1533203342.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000002.2112187395.00000000009F6000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	9F6000
Size:	8192

Details

Name:	00000009.00000000.1279465216.0000000001330000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	1330000
Size:	32768

Details

Name:	0000000A.00000003.1535777762.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000000.00000003.1273509462.00000000011C0000.00000004.00001000.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	direct allocation
Protect:	page read and write
Base address:	11C0000
Size:	159744

Details

Name:	00000000.00000003.1356383526.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9C4000
Size:	45056

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	0000000C.00000003.1606819847.000001FD29870000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29870000
Size:	4096

Details

Name:	0000000A.00000003.1357225361.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2F5F000
Size:	24576

Details

Name:	0000000A.00000003.1533152048.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000002.2115608834.0000000007D36000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D36000
Size:	49152

Details

Name:	0000000A.00000002.2112449002.0000000004910000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	4910000
Size:	4096

Details

Name:	0000000A.00000003.1539835395.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1537604347.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000009.00000000.1278744234.00000000008A0000.00000002.00000001.01000000.00000007.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	8A0000
Size:	4096

Details

Name:	0000000A.00000003.1539041129.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000C.00000002.1653164876.000001FD27F7F000.00000004.00000020.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1FD27F7F000
Size:	40960

Details

Name:	00000009.00000002.2111691251.000000000133A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	133A000
Size:	8192

Details

Name:	0000000A.00000002.2115608834.0000000007CDD000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7CDD000
Size:	8192

Details

Name:	0000000C.00000002.1652971849.0000000B2EDFE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	B2EDFE000
Size:	8192

Details

Name:	0000000A.00000003.1538734493.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1534254292.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000002.2113999376.00000000052AC000.00000004.10000000.00040000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page read and write
Base address:	52AC000
Size:	339968

Details

Name:	0000000A.00000002.2112902364.0000000004BEE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	4BEE000
Size:	8192

Details

Name:	0000000C.00000003.1603125238.000001FD29870000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29870000
Size:	4096

Details

Name:	00000009.00000000.1280848260.0000000003170000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	3170000
Size:	8192

Details

Name:	00000000.00000003.1284625398.0000000000854000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	854000
Size:	4096

Details

Name:	0000000C.00000002.1653423660.000001FD29D01000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29D01000
Size:	4096

Details

Name:	00000009.00000002.2112319452.0000000001690000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	1690000
Size:	32768

Details

Name:	0000000B.00000002.2113243777.0000000000D99000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	D99000
Size:	36864

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	0000000A.00000003.1539412902.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000C.00000002.1653256825.000001FD29850000.00000004.00000020.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1FD29850000
Size:	4096

Details

Name:	0000000A.00000003.1534875185.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000009.00000002.2112975622.0000000003170000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	3170000
Size:	8192

Details

Name:	0000000B.00000000.1431207485.0000000002B8C000.00000004.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2B8C000
Size:	339968

Details

Name:	0000000A.00000003.1534801679.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1536389161.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000002.2113061079.0000000004DA9000.00000040.00001000.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	4DA9000
Size:	4096

Details

Name:	0000000A.00000002.2111184637.0000000003004000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	3004000
Size:	4096

Details

Name:	0000000A.00000003.1363563059.0000000004910000.00000004.00000800.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	4910000
Size:	159744

Details

Name:	0000000A.00000003.1536222273.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000000.1430898115.0000000000910000.00000004.00000020.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	910000
Size:	4096

Details

Name:	0000000A.00000002.2117229117.000000000838E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	838E000
Size:	8192

Details

Name:	00000009.00000002.2111243669.0000000000F70000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	F70000
Size:	4096

Details

Name:	0000000A.00000003.1537453643.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000000.00000002.1357255584.000000000330F000.00000040.10000000.00040000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page execute and read and write
Base address:	330F000
Size:	7401472

Details

Name:	00000000.00000002.1356458632.000000000068C000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	68C000
Size:	16384

Details

Name:	00000009.00000002.2111444179.0000000000FEA000.00000004.00000010.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	FEA000
Size:	24576

Details

Name:	00000009.00000000.1280139950.0000000001470000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	1470000
Size:	20480

Details

Name:	0000000B.00000002.2114282482.00000000029CC000.00000004.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	29CC000
Size:	4096

Details

Name:	0000000A.00000003.1534731068.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000B.00000002.2111638413.00000000008B9000.00000002.00000001.01000000.00000007.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	8B9000
Size:	61440

Details

Name:	0000000A.00000003.1544750307.0000000007D24000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	7D24000
Size:	4096

Details

Name:	0000000B.00000000.1430719063.00000000006F0000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	6F0000
Size:	4096

Details

Name:	00000009.00000000.1279892843.0000000001440000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	1440000
Size:	4096

Details

Name:	0000000A.00000003.1533948507.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000C.00000002.1653046434.000001FD27E30000.00000040.80000000.00040000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	system
Protect:	page execute and read and write
Base address:	1FD27E30000
Size:	495616

Details

Name:	00000000.00000000.860423507.0000000000AE7000.00000002.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	AE7000
Size:	45056

Details

Name:	0000000A.00000002.2115608834.0000000007D22000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D22000
Size:	8192

Details

Name:	00000000.00000003.1269669450.0000000000B01000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	B01000
Size:	212992

Details

Name:	0000000A.00000003.1537384908.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1536628098.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000000.1430935851.0000000000D51000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	D51000
Size:	12288

Details

Name:	0000000A.00000003.1539390462.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000C.00000002.1653164876.000001FD27FA2000.00000004.00000020.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1FD27FA2000
Size:	28672

Details

Name:	0000000A.00000003.1534671911.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000B.00000000.1430736649.0000000000700000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	700000
Size:	4096

Details

Name:	0000000A.00000003.1537997962.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1537931569.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000000.1430909879.00000000009F0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	9F0000
Size:	20480

Details

Name:	00000000.00000003.1269711146.0000000000854000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	854000
Size:	4096

Details

Name:	00000009.00000000.1279129076.0000000000F80000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	F80000
Size:	4096

Details

Name:	00000000.00000002.1357255584.00000000012F0000.00000040.10000000.00040000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page execute and read and write
Base address:	12F0000
Size:	10485760

Details

Name:	00000009.00000002.2112711780.0000000002FC0000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2FC0000
Size:	925696

Details

Name:	0000000A.00000003.1537420524.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1534948875.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1357050180.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2F5F000
Size:	24576

Details

Name:	0000000C.00000002.1653243064.000001FD28080000.00000004.00000020.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1FD28080000
Size:	8192

Details

Name:	0000000A.00000003.1357008436.0000000002F54000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2F54000
Size:	28672

Details

Name:	0000000B.00000002.2113096688.0000000000D30000.00000004.00000001.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	D30000
Size:	12288

Details

Name:	0000000A.00000003.1534213696.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000000.00000002.1356615558.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	AA0000
Size:	4096

Details

Name:	0000000A.00000002.2111184637.0000000002FE0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2FE0000
Size:	40960

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000009.00000002.2111691251.0000000001367000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1367000
Size:	4096

Details

Name:	0000000C.00000002.1653326467.000001FD29C0E000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29C0E000
Size:	4096

Details

Name:	0000000A.00000003.1536592447.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1535085535.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1535970080.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000000.1430950428.0000000000D60000.00000004.00000001.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	D60000
Size:	4096

Details

Name:	0000000A.00000003.1540547433.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1539126051.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000009.00000000.1279252849.0000000000FEA000.00000004.00000010.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	stack
Protect:	page read and write
Base address:	FEA000
Size:	24576

Details

Name:	0000000B.00000000.1431207485.00000000028B2000.00000004.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	28B2000
Size:	4096

Details

Name:	0000000A.00000003.1533869721.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000002.2115608834.0000000007CFB000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7CFB000
Size:	8192

Details

Name:	0000000C.00000002.1651586197.000000002809C000.00000004.80000000.00040000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	system
Protect:	page read and write
Base address:	2809C000
Size:	339968

Details

Name:	00000009.00000002.2113082750.0000000003B80000.00000040.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	3B80000
Size:	10485760

Details

Name:	00000009.00000002.2110534854.00000000008A0000.00000002.00000001.01000000.00000007.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	8A0000
Size:	4096

Details

Name:	0000000A.00000003.1539236968.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000000.00000003.1284487533.0000000000B01000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	B01000
Size:	221184

Details

Name:	0000000B.00000000.1431128886.00000000027C0000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	27C0000
Size:	925696

Details

Name:	0000000A.00000003.1537139388.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1537642321.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000002.2115608834.0000000007CEB000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7CEB000
Size:	8192

Details

Name:	0000000B.00000002.2113243777.0000000000D7E000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	D7E000
Size:	94208

Details

Name:	0000000A.00000002.2111050698.0000000002E40000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2E40000
Size:	4096

Details

Name:	00000000.00000002.1356751237.0000000001141000.00000040.00001000.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	1141000
Size:	458752

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary

Details

Name:	0000000A.00000003.1544750307.0000000007D1D000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	7D1D000
Size:	4096

Details

Name:	0000000A.00000002.2112864515.0000000004BAD000.00000004.00000010.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	4BAD000
Size:	12288

Details

Name:	0000000A.00000003.1357199286.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2F5F000
Size:	24576

Details

Name:	00000000.00000003.1325469492.00000000011C0000.00000004.00001000.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	direct allocation
Protect:	page read and write
Base address:	11C0000
Size:	163840

Details

Name:	0000000A.00000003.1537534107.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1358875567.0000000004C69000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	4C69000
Size:	24576

Details

Name:	0000000B.00000000.1430828446.00000000008B6000.00000004.00000001.01000000.00000007.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	8B6000
Size:	8192

Details

Name:	0000000A.00000002.2111184637.0000000003007000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	3007000
Size:	16384

Details

Name:	00000000.00000003.1356368662.0000000000854000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	854000
Size:	4096

Details

Name:	0000000A.00000003.1535707797.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1534149542.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000B.00000000.1431089740.0000000002790000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	2790000
Size:	8192

Details

Name:	0000000A.00000002.2113061079.0000000004E1E000.00000040.00001000.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	4E1E000
Size:	1220608

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000000.00000003.1284678194.0000000000854000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	854000
Size:	4096

Details

Name:	0000000C.00000002.1652903565.0000000B2D5FB000.00000004.00000010.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	B2D5FB000
Size:	20480

Details

Name:	0000000A.00000003.1534995094.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1533276785.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000002.2114018967.00000000027C0000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	27C0000
Size:	925696

Details

Name:	0000000A.00000003.1357169669.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2F5F000
Size:	24576

Details

Name:	0000000C.00000003.1609298187.000001FD29DC4000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29DC4000
Size:	24576

Details

Name:	0000000A.00000003.1536366967.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000002.2111184637.0000000003025000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	3025000
Size:	8192

Signature Hits	Behavior Group	Mitre Attack
SQL strings found in memory and binary data	System Summary

Details

Name:	0000000A.00000003.1546946137.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000002.2110961824.0000000002D20000.00000004.00000020.00040000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2D20000
Size:	4096

Details

Name:	00000009.00000000.1280189589.000000000158E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	stack
Protect:	page read and write
Base address:	158E000
Size:	8192

Details

Name:	0000000A.00000003.1537733798.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1539703326.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000C.00000003.1609388502.000001FD27FA2000.00000004.00000020.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	1FD27FA2000
Size:	28672

Details

Name:	0000000A.00000003.1364251751.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	217088

Details

Name:	0000000A.00000003.1534565835.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1534645941.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000002.2116048062.000000000529E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	529E000
Size:	8192

Details

Name:	0000000A.00000003.1356722753.000000000491E000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	491E000
Size:	1187840

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	0000000B.00000002.2113190395.0000000000D60000.00000004.00000001.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	D60000
Size:	4096

Details

Name:	0000000B.00000000.1431089740.0000000002794000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	2794000
Size:	4096

Details

Name:	00000009.00000003.1295628085.0000000001368000.00000004.00000001.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	1368000
Size:	4096

Details

Name:	00000000.00000002.1356713724.0000000000E00000.00000004.00001000.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page read and write
Base address:	E00000
Size:	278528

Details

Name:	0000000A.00000002.2115608834.0000000007D4C000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D4C000
Size:	8192

Details

Name:	0000000A.00000003.1534329220.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000000.00000002.1356491048.00000000007E0000.00000004.00000020.00040000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7E0000
Size:	4096

Details

Name:	0000000A.00000003.1536550615.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000000.00000002.1356657376.0000000000AE7000.00000002.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	AE7000
Size:	45056

Details

Name:	0000000A.00000003.1533813373.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1535840675.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1539334335.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1540069137.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000009.00000000.1278817237.00000000008A1000.00000020.00000001.01000000.00000007.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute read
Base address:	8A1000
Size:	57344

Details

Name:	00000000.00000002.1356751237.000000000113D000.00000040.00001000.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	113D000
Size:	4096

Details

Name:	0000000C.00000002.1653326467.000001FD29C03000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29C03000
Size:	16384

Details

Name:	0000000A.00000003.1539092513.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000002.2116988548.000000000823D000.00000004.00000010.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	823D000
Size:	12288

Details

Name:	00000009.00000002.2110898899.00000000008B6000.00000004.00000001.01000000.00000007.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	8B6000
Size:	8192

Details

Name:	00000000.00000002.1356751237.000000000100E000.00000040.00001000.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	100E000
Size:	1220608

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	0000000A.00000003.1537322636.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000C.00000002.1653164876.000001FD27F77000.00000004.00000020.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1FD27F77000
Size:	28672

Details

Name:	00000009.00000002.2110816153.00000000008AF000.00000002.00000001.01000000.00000007.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	8AF000
Size:	28672

Details

Name:	0000000A.00000002.2115608834.0000000007CF6000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7CF6000
Size:	8192

Details

Name:	0000000A.00000003.1544750307.0000000007D29000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	7D29000
Size:	12288

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	0000000A.00000002.2117045835.000000000827E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	827E000
Size:	8192

Details

Name:	00000009.00000000.1280557128.0000000002FC0000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	2FC0000
Size:	925696

Details

Name:	0000000A.00000003.1544750307.0000000007D12000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	7D12000
Size:	8192

Details

Name:	0000000B.00000002.2112450897.0000000000C92000.00000040.80000000.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	system
Protect:	page execute and read and write
Base address:	C92000
Size:	8192

Details

Name:	00000000.00000002.1356569818.00000000009AA000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	9AA000
Size:	8192

Details

Name:	0000000A.00000003.1539270818.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1533761889.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1357083820.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2F5F000
Size:	24576

Details

Name:	0000000A.00000003.1359069083.0000000002E74000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2E74000
Size:	4096

Details

Name:	0000000A.00000003.1534469025.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000C.00000002.1653046434.000001FD27EB9000.00000040.80000000.00040000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	system
Protect:	page execute and read and write
Base address:	1FD27EB9000
Size:	4096

Details

Name:	00000000.00000002.1356751237.0000000000F9D000.00000040.00001000.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	F9D000
Size:	458752

Details

Name:	0000000A.00000003.1534014158.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1538788746.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000000.00000003.1284587992.0000000000854000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	854000
Size:	4096

Details

Name:	0000000A.00000002.2111098514.0000000002E70000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2E70000
Size:	16384

Details

Name:	0000000A.00000003.1380432834.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1535186300.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1534433423.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1538414756.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000002.2115608834.0000000007D88000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D88000
Size:	32768

Details

Name:	0000000B.00000000.1431062114.0000000002760000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	2760000
Size:	16384

Details

Name:	0000000A.00000002.2112951575.0000000004C5C000.00000004.00000010.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	4C5C000
Size:	16384

Details

Name:	0000000B.00000000.1431076429.0000000002780000.00000004.00000001.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2780000
Size:	4096

Details

Name:	0000000A.00000003.1539868215.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000000.00000002.1357255584.00000000026F0000.00000040.10000000.00040000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page execute and read and write
Base address:	26F0000
Size:	10485760

Details

Name:	0000000A.00000003.1539933054.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1539900476.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1539601693.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1533106456.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1539637732.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000002.2113061079.0000000004C80000.00000040.00001000.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	4C80000
Size:	1208320

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000009.00000002.2112928572.00000000030C0000.00000004.00000001.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	30C0000
Size:	4096

Details

Name:	00000000.00000003.1356343851.0000000000854000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	854000
Size:	4096

Details

Name:	00000009.00000000.1279049379.0000000000F60000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	F60000
Size:	4096

Details

Name:	0000000A.00000002.2115608834.0000000007D5C000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D5C000
Size:	12288

Details

Name:	0000000A.00000003.1539302804.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000002.2115608834.0000000007D94000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D94000
Size:	90112

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	0000000A.00000002.2113999376.0000000004FD2000.00000004.10000000.00040000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page read and write
Base address:	4FD2000
Size:	4096

Details

Name:	0000000C.00000002.1652946578.0000000B2E5FF000.00000004.00000010.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	B2E5FF000
Size:	4096

Details

Name:	00000000.00000002.1356700751.0000000000DFF000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	DFF000
Size:	4096

Details

Name:	0000000A.00000002.2111184637.000000000301A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	301A000
Size:	32768

Signature Hits	Behavior Group	Mitre Attack
SQL strings found in memory and binary data	System Summary

Details

Name:	0000000B.00000002.2113243777.0000000000D70000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	D70000
Size:	32768

Details

Name:	0000000A.00000002.2115608834.0000000007CD9000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7CD9000
Size:	8192

Details

Name:	00000000.00000003.1262659110.00000000009BE000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9BE000
Size:	24576

Details

Name:	0000000C.00000002.1653309116.000001FD29C00000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29C00000
Size:	4096

Details

Name:	00000009.00000000.1280538867.0000000002FB0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	heap
Protect:	page read and write
Base address:	2FB0000
Size:	8192

Details

Name:	0000000B.00000002.2111854142.00000000008F0000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	8F0000
Size:	4096

Details

Name:	0000000B.00000002.2114282482.00000000028B2000.00000004.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	28B2000
Size:	4096

Details

Name:	0000000B.00000000.1430762460.000000000077A000.00000004.00000010.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	stack
Protect:	page read and write
Base address:	77A000
Size:	24576

Details

Name:	0000000A.00000003.1539965355.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000002.2111461003.00000000008B6000.00000004.00000001.01000000.00000007.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	8B6000
Size:	8192

Details

Name:	00000009.00000002.2111522526.00000000012FC000.00000004.00000010.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	12FC000
Size:	16384

Details

Name:	0000000A.00000002.2111184637.0000000002F48000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2F48000
Size:	49152

Details

Name:	0000000A.00000003.1539003679.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000B.00000002.2113947270.00000000027B0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	27B0000
Size:	12288

Details

Name:	0000000A.00000003.1547042557.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000002.2110703535.0000000000700000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	700000
Size:	4096

Details

Name:	00000000.00000003.1262576461.00000000009B9000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9B9000
Size:	4096

Details

Name:	0000000B.00000000.1430790604.00000000008A0000.00000002.00000001.01000000.00000007.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	8A0000
Size:	4096

Details

Name:	00000009.00000002.2112444435.0000000001A31000.00000002.00000001.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	1A31000
Size:	315392

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	0000000C.00000002.1653164876.000001FD27F70000.00000004.00000020.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1FD27F70000
Size:	24576

Details

Name:	0000000A.00000003.1538350595.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000000.00000003.1262549403.00000000009BE000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9BE000
Size:	24576

Details

Name:	0000000A.00000003.1540023536.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	00000000.00000000.860389361.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute read
Base address:	AA1000
Size:	286720

Details

Name:	00000000.00000003.1284642852.0000000000854000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	854000
Size:	4096

Details

Name:	0000000A.00000003.1535242393.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000A.00000003.1538087753.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000B.00000002.2111960513.0000000000900000.00000002.00000001.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	900000
Size:	4096

Details

Name:	0000000A.00000003.1538124075.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	4096

Details

Name:	0000000A.00000003.1539534029.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	0000000B.00000002.2115791823.000000000501C000.00000004.00000010.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	501C000
Size:	16384

Details

Name:	0000000A.00000002.2115608834.0000000007D2B000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D2B000
Size:	12288

Details

Name:	0000000C.00000002.1653326467.000001FD29C13000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29C13000
Size:	12288

Details

Name:	0000000A.00000003.1538468369.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000009.00000002.2111691251.000000000133E000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	133E000
Size:	94208

Details

Name:	0000000B.00000002.2112450897.0000000000CE9000.00000040.80000000.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	system
Protect:	page execute and read and write
Base address:	CE9000
Size:	270336

Details

Name:	00000009.00000000.1279292600.00000000012FC000.00000004.00000010.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	stack
Protect:	page read and write
Base address:	12FC000
Size:	16384

Details

Name:	0000000A.00000002.2113999376.0000000005694000.00000004.10000000.00040000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page read and write
Base address:	5694000
Size:	8192

Details

Name:	00000000.00000002.1356569818.00000000009AE000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	9AE000
Size:	57344

Details

Name:	0000000A.00000002.2113061079.0000000004FC2000.00000040.00001000.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	4FC2000
Size:	40960

Details

Name:	0000000A.00000002.2111184637.0000000002FF5000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2FF5000
Size:	4096

Details

Name:	0000000A.00000002.2113061079.0000000004F51000.00000040.00001000.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	4F51000
Size:	458752

Details

Name:	0000000C.00000002.1653292713.000001FD29B00000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29B00000
Size:	4096

Details

Name:	0000000A.00000002.2111184637.0000000002FDD000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2FDD000
Size:	8192

Details

Name:	0000000C.00000003.1609324623.000001FD29DA6000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29DA6000
Size:	8192

Details

Name:	0000000A.00000002.2112338575.0000000003050000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	3050000
Size:	4096

Details

Name:	00000000.00000003.1264456359.0000000000CBD000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	CBD000
Size:	1196032

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	0000000C.00000003.1609280064.000001FD29DCE000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	free memory
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29DCE000
Size:	4096

Details

Name:	0000000A.00000002.2115608834.0000000007CD4000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7CD4000
Size:	12288

Details

Name:	0000000A.00000002.2112708453.00000000049D0000.00000004.00000800.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	49D0000
Size:	94208

Details

Name:	0000000C.00000002.1653326467.000001FD29C11000.00000004.00000800.00020000.00000000.sdmp
TargetID:	12
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1FD29C11000
Size:	4096

Details

Name:	0000000B.00000000.1430921392.0000000000C00000.00000004.00000001.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	C00000
Size:	4096

Details

Name:	0000000A.00000003.1357008436.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2F5F000
Size:	24576

Details

Name:	00000000.00000003.1284658485.0000000000854000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	854000
Size:	4096

Details

Name:	00000000.00000003.1325440833.00000000009BD000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9BD000
Size:	73728

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	0000000B.00000000.1430839939.00000000008B9000.00000002.00000001.01000000.00000007.sdmp
TargetID:	11
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	8B9000
Size:	61440

Details

Name:	0000000B.00000002.2112362080.0000000000C00000.00000004.00000001.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	C00000
Size:	4096

Details

Name:	00000009.00000002.2110704622.00000000008A1000.00000020.00000001.01000000.00000007.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute read
Base address:	8A1000
Size:	57344

Details

Name:	00000009.00000000.1280444403.0000000002E40000.00000004.00000001.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process new
Regiontype:	unkown
Protect:	page read and write
Base address:	2E40000
Size:	4096

Details

Name:	0000000B.00000002.2115865165.000000000511C000.00000004.00000010.00020000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	511C000
Size:	16384

Details

Name:	0000000A.00000003.1358875567.0000000004BF8000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	4BF8000
Size:	458752

Details

Name:	0000000A.00000003.1535129923.0000000003051000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	3051000
Size:	8192

Details

Name:	00000000.00000003.1264456359.0000000000DEA000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	DEA000
Size:	458752

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary

Details

Name:	0000000A.00000002.2115608834.0000000007D81000.00000004.00000020.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	7D81000
Size:	8192

Details

Name:	00000009.00000002.2112231577.0000000001460000.00000004.00000001.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1460000
Size:	4096

Details

Name:	0000000A.00000002.2117264760.00000000083CF000.00000004.00000010.00020000.00000000.sdmp
TargetID:	10
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	83CF000
Size:	4096

Details

Name:	0000000B.00000002.2112450897.0000000000C76000.00000040.80000000.00040000.00000000.sdmp
TargetID:	11
Dumpstage:	process exit
Regiontype:	system
Protect:	page execute and read and write
Base address:	C76000
Size:	4096

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000000.00000003.1284608189.0000000000854000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	854000
Size:	4096

Details

Name:	00000000.00000003.1262729209.00000000009BE000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	9BE000
Size:	24576

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportINQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe