Automated Malware Analysis IOC Report for

Details

Name:	00000000.00000003.437940393.0000000002D28000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2D28000
Size:	16384

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Ursnif	Key, Mouse, Clipboard, Microphone and Screen Capturing, E-Banking Fraud, Hooking and other Techniques for Hiding and Protection, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000000.00000003.437762221.0000000002D28000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2D28000
Size:	16384

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Ursnif	Key, Mouse, Clipboard, Microphone and Screen Capturing, E-Banking Fraud, Hooking and other Techniques for Hiding and Protection, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000000.00000003.437887198.0000000002D28000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2D28000
Size:	16384

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Ursnif	Key, Mouse, Clipboard, Microphone and Screen Capturing, E-Banking Fraud, Hooking and other Techniques for Hiding and Protection, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000000.00000003.437952663.0000000002D28000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2D28000
Size:	16384

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Ursnif	Key, Mouse, Clipboard, Microphone and Screen Capturing, E-Banking Fraud, Hooking and other Techniques for Hiding and Protection, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000000.00000003.437797687.0000000002D28000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2D28000
Size:	16384

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Ursnif	Key, Mouse, Clipboard, Microphone and Screen Capturing, E-Banking Fraud, Hooking and other Techniques for Hiding and Protection, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000000.00000003.437924768.0000000002D28000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2D28000
Size:	16384

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Ursnif	Key, Mouse, Clipboard, Microphone and Screen Capturing, E-Banking Fraud, Hooking and other Techniques for Hiding and Protection, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000000.00000002.523909474.0000000002D28000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2D28000
Size:	12288

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Ursnif	Key, Mouse, Clipboard, Microphone and Screen Capturing, E-Banking Fraud, Hooking and other Techniques for Hiding and Protection, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000000.00000003.437846787.0000000002D28000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2D28000
Size:	16384

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Ursnif	Key, Mouse, Clipboard, Microphone and Screen Capturing, E-Banking Fraud, Hooking and other Techniques for Hiding and Protection, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000000.00000003.437824443.0000000002D28000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2D28000
Size:	16384

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Ursnif	Key, Mouse, Clipboard, Microphone and Screen Capturing, E-Banking Fraud, Hooking and other Techniques for Hiding and Protection, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000000.00000002.523814325.000000000225E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	225E000
Size:	8192

Details

Name:	00000005.00000002.310875213.0000021EB222E000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB222E000
Size:	36864

Details

Name:	00000002.00000002.523152204.000000FCF3AAC000.00000004.00000010.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	FCF3AAC000
Size:	16384

Details

Name:	00000005.00000002.310740286.0000021EB1FA0000.00000004.00000020.00040000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB1FA0000
Size:	4096

Details

Name:	00000000.00000002.523842423.00000000022DD000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	22DD000
Size:	12288

Details

Name:	00000004.00000002.523175653.0000008DEDAFC000.00000004.00000010.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	8DEDAFC000
Size:	16384

Details

Name:	00000002.00000002.523340730.000000FCF44FD000.00000004.00000010.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	FCF44FD000
Size:	12288

Details

Name:	00000000.00000000.255988953.000000000049F000.00000002.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	49F000
Size:	57344

Details

Name:	00000003.00000002.523207152.000000F9946FF000.00000004.00000010.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	F9946FF000
Size:	4096

Details

Name:	00000007.00000003.299910357.000001A2AEE92000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE92000
Size:	57344

Details

Name:	00000000.00000002.523958098.000000000376F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	376F000
Size:	4096

Details

Name:	00000005.00000002.310988605.0000021EB226B000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB226B000
Size:	32768

Details

Name:	00000004.00000002.523356555.0000027078E00000.00000004.00000020.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	27078E00000
Size:	4096

Details

Name:	00000008.00000002.523329333.000001A465802000.00000004.00000020.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A465802000
Size:	65536

Details

Name:	00000005.00000002.310963034.0000021EB2264000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2264000
Size:	12288

Details

Name:	00000005.00000003.310345940.0000021EB2249000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2249000
Size:	16384

Details

Name:	00000003.00000002.523302700.0000023FA0550000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0550000
Size:	8192

Details

Name:	00000009.00000002.428428999.000002C74F845000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2C74F845000
Size:	32768

Details

Name:	00000007.00000002.523968969.000001A2AF76F000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF76F000
Size:	135168

Details

Name:	00000001.00000002.523457740.0000018977E67000.00000004.00000020.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977E67000
Size:	53248

Details

Name:	00000007.00000003.299959090.000001A2AF722000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF722000
Size:	131072

Details

Name:	00000007.00000002.524077889.000001A2AF823000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF823000
Size:	8192

Details

Name:	00000003.00000003.284157198.0000023FA0658000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0658000
Size:	4096

Details

Name:	00000008.00000002.523404376.000001A465813000.00000004.00000020.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A465813000
Size:	45056

Details

Name:	00000005.00000003.310560145.0000021EB2244000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2244000
Size:	4096

Details

Name:	00000002.00000002.523824508.00000257BF112000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BF112000
Size:	4096

Details

Name:	00000002.00000002.523416472.00000257BE660000.00000004.00000020.00040000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BE660000
Size:	4096

Details

Name:	00000000.00000002.523915958.0000000002E3F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	2E3F000
Size:	4096

Details

Name:	00000001.00000002.523214603.0000005C0FE7E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	5C0FE7E000
Size:	8192

Details

Name:	00000002.00000002.523457900.00000257BE800000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BE800000
Size:	73728

Details

Name:	00000003.00000002.523680908.0000023FA0702000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0702000
Size:	49152

Details

Name:	00000001.00000002.523328799.0000018977E13000.00000004.00000020.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977E13000
Size:	81920

Details

Name:	00000003.00000002.523339349.0000023FA0602000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0602000
Size:	65536

Details

Name:	00000009.00000002.428407784.000002C74F82E000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2C74F82E000
Size:	28672

Details

Name:	00000007.00000002.523340089.000001A2AED80000.00000004.00000800.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1A2AED80000
Size:	8192

Details

Name:	00000001.00000002.523276638.0000018977E00000.00000004.00000020.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977E00000
Size:	4096

Details

Name:	00000000.00000002.523922419.0000000002F20000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2F20000
Size:	4096

Details

Name:	00000005.00000002.310920123.0000021EB2255000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2255000
Size:	36864

Details

Name:	00000000.00000002.523140947.00000000001F0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1F0000
Size:	4096

Details

Name:	00000009.00000002.428358181.000002C74F740000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2C74F740000
Size:	4096

Details

Name:	00000000.00000002.523867576.0000000002748000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2748000
Size:	4096

Details

Name:	00000003.00000002.523652634.0000023FA0666000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0666000
Size:	45056

Details

Name:	00000005.00000002.310691858.000000C6633CE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	C6633CE000
Size:	8192

Details

Name:	00000005.00000002.310705005.000000C66387E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	C66387E000
Size:	8192

Details

Name:	00000007.00000002.523987712.000001A2AF791000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF791000
Size:	122880

Details

Name:	00000000.00000002.523636233.0000000000873000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	873000
Size:	45056

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000007.00000002.523118274.0000007C81B7C000.00000004.00000010.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	7C81B7C000
Size:	16384

Details

Name:	00000003.00000002.523446821.0000023FA062A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA062A000
Size:	73728

Details

Name:	00000001.00000002.523276638.0000018977E02000.00000004.00000020.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977E02000
Size:	65536

Details

Name:	00000000.00000002.523937848.000000000346F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	346F000
Size:	4096

Details

Name:	00000004.00000002.523315349.0000027078C30000.00000004.00000020.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	27078C30000
Size:	4096

Details

Name:	00000000.00000002.523396288.0000000000680000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	680000
Size:	24576

Details

Name:	00000000.00000002.523884713.000000000285C000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	285C000
Size:	16384

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	00000003.00000002.523717994.0000023FA2070000.00000004.00000800.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	23FA2070000
Size:	4096

Details

Name:	00000005.00000002.311086770.0000021EB2802000.00000004.00000800.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	21EB2802000
Size:	4096

Details

Name:	00000000.00000002.523963258.000000000386E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	386E000
Size:	8192

Details

Name:	00000005.00000003.310241430.0000021EB2267000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2267000
Size:	49152

Details

Name:	00000005.00000003.310393793.0000021EB223A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB223A000
Size:	8192

Details

Name:	00000005.00000002.310895247.0000021EB223D000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB223D000
Size:	12288

Details

Name:	00000000.00000002.523636233.000000000087F000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	87F000
Size:	53248

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	00000007.00000002.523815576.000001A2AEF8E000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEF8E000
Size:	172032

Details

Name:	00000000.00000002.523823930.0000000002280000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2280000
Size:	16384

Details

Name:	00000007.00000002.523520137.000001A2AEE69000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE69000
Size:	4096

Details

Name:	00000007.00000002.523170213.0000007C8217C000.00000004.00000010.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	7C8217C000
Size:	16384

Details

Name:	00000002.00000002.523748758.00000257BE889000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BE889000
Size:	8192

Details

Name:	00000000.00000002.523899430.00000000028DE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	28DE000
Size:	8192

Details

Name:	00000000.00000002.523411744.0000000000790000.00000004.10000000.00040000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page read and write
Base address:	790000
Size:	4096

Details

Name:	00000007.00000002.524083831.000001A2AF827000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF827000
Size:	20480

Details

Name:	00000007.00000002.524027822.000001A2AF7CA000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF7CA000
Size:	28672

Details

Name:	00000005.00000002.310998550.0000021EB2274000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2274000
Size:	8192

Details

Name:	00000001.00000002.523159303.0000005C0FB7B000.00000004.00000010.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	5C0FB7B000
Size:	20480

Details

Name:	00000000.00000002.523942982.000000000356A000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	356A000
Size:	24576

Details

Name:	00000005.00000003.310376621.0000021EB2240000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2240000
Size:	28672

Details

Name:	00000007.00000002.523520137.000001A2AEE75000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE75000
Size:	8192

Details

Name:	00000008.00000002.523285735.000001A465650000.00000004.00000020.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A465650000
Size:	4096

Details

Name:	00000007.00000002.523277704.0000007C8267E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	7C8267E000
Size:	8192

Details

Name:	00000000.00000002.523467169.000000000080A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	80A000
Size:	49152

Signature Hits	Behavior Group	Mitre Attack
Creates a DirectInput object (often for capturing keystrokes)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture

Details

Name:	00000003.00000003.284311699.0000023FA0649000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0649000
Size:	4096

Details

Name:	00000005.00000003.285873905.0000021EB2230000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2230000
Size:	49152

Details

Name:	00000008.00000003.299794655.000001A4657E0000.00000004.00000400.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	remote allocation
Protect:	page read and write
Base address:	1A4657E0000
Size:	4096

Details

Name:	00000000.00000000.255956008.0000000000400000.00000002.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000005.00000003.310320589.0000021EB224D000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB224D000
Size:	69632

Details

Name:	00000003.00000002.523697639.0000023FA0718000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0718000
Size:	20480

Details

Name:	00000009.00000002.428370810.000002C74F7C0000.00000004.00000800.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	2C74F7C0000
Size:	4096

Details

Name:	00000005.00000003.310552160.0000021EB2241000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2241000
Size:	16384

Details

Name:	00000003.00000002.523314407.0000023FA0580000.00000004.00000800.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	23FA0580000
Size:	4096

Details

Name:	00000001.00000002.523262162.0000018977C40000.00000004.00000020.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977C40000
Size:	8192

Details

Name:	00000003.00000002.523732324.0000023FA2202000.00000004.00000800.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	23FA2202000
Size:	4096

Details

Name:	00000007.00000002.523302209.000001A2AECD0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AECD0000
Size:	8192

Details

Name:	00000001.00000002.523540207.0000018978402000.00000004.00000800.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	18978402000
Size:	4096

Details

Name:	00000003.00000002.523249570.000000F9949FE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	F9949FE000
Size:	8192

Details

Name:	00000003.00000003.285184323.0000023FA05D0000.00000004.00000400.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	remote allocation
Protect:	page read and write
Base address:	23FA05D0000
Size:	4096

Details

Name:	00000005.00000002.310804290.0000021EB21E0000.00000004.00000800.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	21EB21E0000
Size:	4096

Details

Name:	00000000.00000002.523110608.000000000009D000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	9D000
Size:	12288

Details

Name:	00000005.00000002.310867677.0000021EB2229000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2229000
Size:	16384

Details

Name:	00000001.00000002.523231188.0000018977BD0000.00000004.00000020.00040000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977BD0000
Size:	4096

Details

Name:	00000000.00000002.523636233.0000000000846000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	846000
Size:	176128

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
URLs found in memory or binary data	Networking

Details

Name:	00000002.00000002.523303150.000000FCF43FB000.00000004.00000010.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	FCF43FB000
Size:	20480

Details

Name:	00000001.00000002.523196914.0000005C0FD7B000.00000004.00000010.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	5C0FD7B000
Size:	20480

Details

Name:	00000001.00000002.523521451.0000018977F13000.00000004.00000020.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977F13000
Size:	20480

Details

Name:	00000005.00000002.310698673.000000C66377F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	C66377F000
Size:	4096

Details

Name:	00000005.00000003.310573536.0000021EB224F000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB224F000
Size:	61440

Details

Name:	00000003.00000002.523165990.000000F99437C000.00000004.00000010.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	F99437C000
Size:	16384

Details

Name:	00000007.00000002.524065798.000001A2AF813000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF813000
Size:	61440

Details

Name:	00000004.00000002.523532867.0000027078E5A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	27078E5A000
Size:	61440

Details

Name:	00000007.00000002.523157318.0000007C8207F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	7C8207F000
Size:	4096

Details

Name:	00000008.00000002.523476611.000001A46583D000.00000004.00000020.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A46583D000
Size:	98304

Details

Name:	00000003.00000002.523232059.000000F9948FC000.00000004.00000010.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	F9948FC000
Size:	16384

Details

Name:	00000003.00000002.523697639.0000023FA0713000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0713000
Size:	12288

Details

Name:	00000000.00000002.523346176.0000000000620000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	620000
Size:	12288

Details

Name:	00000007.00000002.523328240.000001A2AED60000.00000004.00000800.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1A2AED60000
Size:	4096

Details

Name:	00000007.00000002.524003224.000001A2AF7B0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF7B0000
Size:	36864

Details

Name:	00000002.00000002.523444352.00000257BE7D0000.00000004.00000800.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	257BE7D0000
Size:	4096

Details

Name:	00000009.00000002.428364863.000002C74F790000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2C74F790000
Size:	8192

Details

Name:	00000008.00000003.299800923.000001A4657E0000.00000004.00000400.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	remote allocation
Protect:	page read and write
Base address:	1A4657E0000
Size:	4096

Details

Name:	00000003.00000003.284311699.0000023FA0659000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0659000
Size:	4096

Details

Name:	00000005.00000003.310233519.0000021EB2276000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2276000
Size:	16384

Details

Name:	00000001.00000002.523531661.00000189783A0000.00000004.00000800.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	189783A0000
Size:	4096

Details

Name:	00000002.00000002.523403409.000000FCF47FE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	FCF47FE000
Size:	8192

Details

Name:	00000009.00000002.428289609.000000D35D47E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	D35D47E000
Size:	8192

Details

Name:	00000005.00000002.311059512.0000021EB227C000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB227C000
Size:	16384

Details

Name:	00000005.00000003.310268390.0000021EB2262000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2262000
Size:	4096

Details

Name:	00000003.00000002.523185488.000000F9944FF000.00000004.00000010.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	F9944FF000
Size:	4096

Details

Name:	00000004.00000002.523276474.0000008DEE1FE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	8DEE1FE000
Size:	8192

Details

Name:	00000000.00000002.523539634.0000000000816000.00000040.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page execute and read and write
Base address:	816000
Size:	77824

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000000.00000002.523151109.0000000000405000.00000040.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	405000
Size:	4096

Details

Name:	00000002.00000002.523424341.00000257BE670000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BE670000
Size:	4096

Details

Name:	00000007.00000002.523744243.000001A2AEF13000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEF13000
Size:	462848

Details

Name:	00000009.00000002.428407784.000002C74F829000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2C74F829000
Size:	16384

Details

Name:	00000007.00000002.523855559.000001A2AEFB9000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEFB9000
Size:	176128

Details

Name:	00000000.00000002.523867576.00000000026C9000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	26C9000
Size:	49152

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection

Details

Name:	00000003.00000003.284157198.0000023FA0648000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0648000
Size:	4096

Details

Name:	00000003.00000002.523216584.000000F9947FD000.00000004.00000010.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	F9947FD000
Size:	12288

Details

Name:	00000001.00000002.523248636.0000018977BE0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977BE0000
Size:	4096

Details

Name:	00000002.00000002.523748758.00000257BE8BB000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BE8BB000
Size:	24576

Details

Name:	00000000.00000002.523891583.000000000289E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	289E000
Size:	8192

Details

Name:	00000009.00000002.428475133.000002C750002000.00000004.00000800.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	2C750002000
Size:	4096

Details

Name:	00000004.00000002.523424996.0000027078E29000.00000004.00000020.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	27078E29000
Size:	94208

Details

Name:	00000002.00000002.523380272.000000FCF46FC000.00000004.00000010.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	FCF46FC000
Size:	16384

Details

Name:	00000003.00000002.523269158.000000F994AFD000.00000004.00000010.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	F994AFD000
Size:	12288

Details

Name:	00000002.00000002.523235636.000000FCF427C000.00000004.00000010.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	FCF427C000
Size:	16384

Details

Name:	00000000.00000002.523280536.000000000049F000.00000002.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	49F000
Size:	57344

Details

Name:	00000003.00000003.285122374.0000023FA05D0000.00000004.00000400.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	remote allocation
Protect:	page read and write
Base address:	23FA05D0000
Size:	4096

Details

Name:	00000007.00000002.524046694.000001A2AF800000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF800000
Size:	4096

Details

Name:	00000004.00000002.523618935.0000027078E75000.00000004.00000020.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	27078E75000
Size:	4096

Details

Name:	00000001.00000002.523435525.0000018977E55000.00000004.00000020.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977E55000
Size:	36864

Details

Name:	00000000.00000000.255961360.0000000000401000.00000020.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown
Protect:	page execute read
Base address:	401000
Size:	49152

Details

Name:	00000007.00000002.523625132.000001A2AEE8A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE8A000
Size:	12288

Details

Name:	00000000.00000002.523214636.000000000040F000.00000008.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page write copy
Base address:	40F000
Size:	65536

Details

Name:	00000003.00000002.523380574.0000023FA0613000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0613000
Size:	90112

Details

Name:	00000004.00000002.523468164.0000027078E41000.00000004.00000020.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	27078E41000
Size:	90112

Details

Name:	00000009.00000002.428428999.000002C74F83C000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2C74F83C000
Size:	32768

Details

Name:	00000009.00000002.428304115.000000D35D679000.00000004.00000010.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	D35D679000
Size:	28672

Details

Name:	00000007.00000002.523916498.000001A2AF602000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF602000
Size:	4096

Details

Name:	00000000.00000002.523151109.0000000000403000.00000040.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	403000
Size:	4096

Details

Name:	00000004.00000002.523261368.0000008DEE0FF000.00000004.00000010.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	8DEE0FF000
Size:	4096

Details

Name:	00000002.00000002.523748758.00000257BE8C3000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BE8C3000
Size:	32768

Details

Name:	00000005.00000003.310364265.0000021EB2248000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2248000
Size:	4096

Details

Name:	00000007.00000002.523444503.000001A2AEE3C000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE3C000
Size:	110592

Details

Name:	00000007.00000002.523412494.000001A2AEE29000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE29000
Size:	73728

Details

Name:	00000007.00000003.300017876.000001A2AF702000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF702000
Size:	131072

Details

Name:	00000003.00000002.523195199.000000F9945FF000.00000004.00000010.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	F9945FF000
Size:	4096

Details

Name:	00000005.00000002.310846947.0000021EB2213000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2213000
Size:	86016

Details

Name:	00000002.00000002.523217417.000000FCF41FF000.00000004.00000010.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	FCF41FF000
Size:	4096

Details

Name:	00000001.00000002.523138980.0000005C0F87B000.00000004.00000010.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	5C0F87B000
Size:	20480

Details

Name:	00000007.00000002.523266026.0000007C8257F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	7C8257F000
Size:	4096

Details

Name:	00000002.00000002.523508925.00000257BE829000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BE829000
Size:	81920

Details

Name:	00000001.00000002.523494717.0000018977F00000.00000004.00000020.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977F00000
Size:	4096

Details

Name:	00000000.00000002.523851163.000000000231E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	231E000
Size:	8192

Details

Name:	00000009.00000002.428375850.000002C74F802000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2C74F802000
Size:	65536

Details

Name:	00000007.00000002.523237585.0000007C823FF000.00000004.00000010.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	7C823FF000
Size:	4096

Details

Name:	00000007.00000002.523653457.000001A2AEE92000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE92000
Size:	524288

Details

Name:	00000008.00000002.523445180.000001A465829000.00000004.00000020.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A465829000
Size:	77824

Details

Name:	00000004.00000002.523292607.0000008DEE2FE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	8DEE2FE000
Size:	8192

Details

Name:	00000008.00000002.523240301.00000024C21FE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	24C21FE000
Size:	8192

Details

Name:	00000008.00000002.523147154.00000024C1CFE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	24C1CFE000
Size:	8192

Details

Name:	00000007.00000002.523383376.000001A2AEE13000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE13000
Size:	86016

Details

Name:	00000008.00000002.523518370.000001A465902000.00000004.00000020.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A465902000
Size:	28672

Details

Name:	00000009.00000002.428311871.000000D35D77F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	D35D77F000
Size:	4096

Details

Name:	00000005.00000003.310251678.0000021EB2263000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2263000
Size:	16384

Details

Name:	00000000.00000002.523151109.0000000000407000.00000040.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	407000
Size:	32768

Details

Name:	00000007.00000002.523625132.000001A2AEE78000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE78000
Size:	36864

Details

Name:	00000007.00000002.524091470.000001A2AF830000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF830000
Size:	53248

Details

Name:	00000002.00000002.523589876.00000257BE83E000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BE83E000
Size:	184320

Details

Name:	00000007.00000002.524039925.000001A2AF7D2000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF7D2000
Size:	4096

Details

Name:	00000002.00000002.523699259.00000257BE86C000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BE86C000
Size:	114688

Details

Name:	00000005.00000003.310370919.0000021EB2247000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2247000
Size:	4096

Details

Name:	00000005.00000002.310758896.0000021EB1FB0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB1FB0000
Size:	4096

Details

Name:	00000005.00000003.310386991.0000021EB2246000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2246000
Size:	4096

Details

Name:	00000003.00000002.523294725.0000023FA04F0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA04F0000
Size:	4096

Details

Name:	00000003.00000002.523723817.0000023FA20B0000.00000004.00000800.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	23FA20B0000
Size:	8192

Details

Name:	00000000.00000002.523258051.000000000041F000.00000004.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	41F000
Size:	8192

Details

Name:	00000004.00000002.523635329.0000027078F02000.00000004.00000020.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	27078F02000
Size:	32768

Details

Name:	00000007.00000002.523292535.000001A2AECC0000.00000004.00000020.00040000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AECC0000
Size:	4096

Details

Name:	00000000.00000002.523420446.0000000000791000.00000020.10000000.00040000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page execute read
Base address:	791000
Size:	32768

Details

Name:	00000005.00000002.310908885.0000021EB224B000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB224B000
Size:	8192

Details

Name:	00000008.00000002.523301406.000001A4656B0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A4656B0000
Size:	8192

Details

Name:	00000009.00000002.428297510.000000D35D57F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	D35D57F000
Size:	4096

Details

Name:	00000003.00000003.284478963.0000023FA0649000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0649000
Size:	4096

Details

Name:	00000008.00000002.523329333.000001A465800000.00000004.00000020.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A465800000
Size:	4096

Details

Name:	00000005.00000002.310821031.0000021EB2200000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2200000
Size:	73728

Details

Name:	00000007.00000002.523894481.000001A2AEFE5000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEFE5000
Size:	110592

Details

Name:	00000000.00000002.523636233.0000000000829000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	829000
Size:	114688

Details

Name:	00000008.00000002.523123876.00000024C178B000.00000004.00000010.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	24C178B000
Size:	20480

Details

Name:	00000009.00000002.428279079.000000D35D27C000.00000004.00000010.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	D35D27C000
Size:	16384

Details

Name:	00000004.00000002.523391126.0000027078E13000.00000004.00000020.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	27078E13000
Size:	86016

Details

Name:	00000002.00000002.523267625.000000FCF437C000.00000004.00000010.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	FCF437C000
Size:	16384

Details

Name:	00000001.00000002.523476448.0000018977E75000.00000004.00000020.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977E75000
Size:	12288

Details

Name:	00000000.00000002.523315446.0000000000610000.00000040.00001000.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	direct allocation
Protect:	page execute and read and write
Base address:	610000
Size:	45056

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

Details

Name:	00000003.00000003.284478963.0000023FA0659000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0659000
Size:	4096

Details

Name:	00000007.00000002.523213574.0000007C822FA000.00000004.00000010.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	7C822FA000
Size:	24576

Details

Name:	00000000.00000002.523952817.000000000366E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	366E000
Size:	8192

Details

Name:	00000004.00000002.523155335.0000008DED97B000.00000004.00000010.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	8DED97B000
Size:	20480

Details

Name:	00000000.00000002.523904427.0000000002930000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2930000
Size:	4096

Details

Name:	00000007.00000002.523625132.000001A2AEE86000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE86000
Size:	12288

Details

Name:	00000007.00000003.298544805.000001A2AEE43000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE43000
Size:	4096

Details

Name:	00000004.00000002.523194693.0000008DEDBFF000.00000004.00000010.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	8DEDBFF000
Size:	4096

Details

Name:	00000001.00000002.523476448.0000018977E79000.00000004.00000020.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977E79000
Size:	20480

Details

Name:	00000005.00000002.310669919.000000C6632CC000.00000004.00000010.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	C6632CC000
Size:	16384

Details

Name:	00000008.00000003.299806232.000001A4657E0000.00000004.00000400.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	free memory
Regiontype:	remote allocation
Protect:	page read and write
Base address:	1A4657E0000
Size:	4096

Details

Name:	00000008.00000002.523161659.00000024C1DFE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	24C1DFE000
Size:	8192

Details

Name:	00000000.00000002.523834202.0000000002290000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2290000
Size:	16384

Details

Name:	00000000.00000002.523446135.000000000079A000.00000004.10000000.00040000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page read and write
Base address:	79A000
Size:	8192

Details

Name:	00000008.00000002.523313957.000001A4657B0000.00000004.00000800.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1A4657B0000
Size:	4096

Details

Name:	00000005.00000003.310308631.0000021EB2261000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2261000
Size:	4096

Details

Name:	00000004.00000002.523246753.0000008DEDFFE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	8DEDFFE000
Size:	8192

Details

Name:	00000008.00000002.523193915.00000024C1F7F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	24C1F7F000
Size:	4096

Details

Name:	00000000.00000003.259687128.0000000000630000.00000004.00001000.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	direct allocation
Protect:	page read and write
Base address:	630000
Size:	40960

Details

Name:	00000000.00000002.523151109.0000000000400000.00000040.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	400000
Size:	8192

Details

Name:	00000004.00000002.523216788.0000008DEDDFD000.00000004.00000010.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	8DEDDFD000
Size:	12288

Details

Name:	00000007.00000003.299596459.000001A2AEE6A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE6A000
Size:	32768

Details

Name:	00000007.00000002.524012855.000001A2AF7BC000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF7BC000
Size:	49152

Details

Name:	00000002.00000002.523824508.00000257BF132000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BF132000
Size:	4096

Details

Name:	00000008.00000002.523135224.00000024C1C7F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	24C1C7F000
Size:	4096

Details

Name:	00000004.00000002.523133579.0000008DED54B000.00000004.00000010.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	8DED54B000
Size:	20480

Details

Name:	00000008.00000002.523206310.00000024C207D000.00000004.00000010.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	24C207D000
Size:	12288

Details

Name:	00000003.00000002.523652634.0000023FA0672000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0672000
Size:	8192

Details

Name:	00000002.00000002.523434188.00000257BE6D0000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BE6D0000
Size:	8192

Details

Name:	00000000.00000002.523374087.000000000066C000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	66C000
Size:	16384

Details

Name:	00000007.00000002.523189292.0000007C821F9000.00000004.00000010.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	7C821F9000
Size:	28672

Details

Name:	00000005.00000002.310914488.0000021EB224E000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB224E000
Size:	4096

Details

Name:	00000000.00000002.523806122.000000000221E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	221E000
Size:	8192

Details

Name:	00000009.00000002.428407784.000002C74F836000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2C74F836000
Size:	20480

Details

Name:	00000003.00000002.523680908.0000023FA0700000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0700000
Size:	4096

Details

Name:	00000007.00000002.523922890.000001A2AF700000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF700000
Size:	8192

Details

Name:	00000008.00000002.523404376.000001A46581F000.00000004.00000020.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A46581F000
Size:	36864

Details

Name:	00000007.00000002.523932002.000001A2AF743000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF743000
Size:	65536

Details

Name:	00000004.00000002.523206802.0000008DEDCFF000.00000004.00000010.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	8DEDCFF000
Size:	4096

Details

Name:	00000007.00000002.523947657.000001A2AF754000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF754000
Size:	106496

Details

Name:	00000005.00000002.310684363.000000C66334E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	C66334E000
Size:	8192

Details

Name:	00000002.00000002.523824508.00000257BF100000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BF100000
Size:	4096

Details

Name:	00000005.00000002.310734360.000000C663A7F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	C663A7F000
Size:	4096

Details

Name:	00000001.00000002.523184588.0000005C0FC7E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	5C0FC7E000
Size:	8192

Details

Name:	00000005.00000002.310764123.0000021EB2010000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2010000
Size:	8192

Details

Name:	00000002.00000002.523483592.00000257BE813000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BE813000
Size:	86016

Details

Name:	00000003.00000002.523676436.0000023FA068A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA068A000
Size:	4096

Details

Name:	00000000.00000002.523439795.0000000000799000.00000002.10000000.00040000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page readonly
Base address:	799000
Size:	4096

Details

Name:	00000005.00000002.311077783.0000021EB2302000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2302000
Size:	16384

Details

Name:	00000005.00000002.311067633.0000021EB2282000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2282000
Size:	32768

Details

Name:	00000005.00000002.310931811.0000021EB225F000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB225F000
Size:	4096

Details

Name:	00000004.00000002.523654079.0000027079602000.00000004.00000800.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	27079602000
Size:	4096

Details

Name:	00000000.00000002.523861548.0000000002350000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2350000
Size:	4096

Details

Name:	00000005.00000003.310225100.0000021EB227A000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB227A000
Size:	24576

Details

Name:	00000008.00000002.523225141.00000024C217D000.00000004.00000010.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	24C217D000
Size:	12288

Details

Name:	00000009.00000002.428345921.000002C74F730000.00000004.00000020.00040000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2C74F730000
Size:	4096

Details

Name:	00000005.00000003.310406745.0000021EB2245000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2245000
Size:	4096

Details

Name:	00000009.00000002.428448192.000002C74F854000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2C74F854000
Size:	20480

Details

Name:	00000000.00000003.437963029.0000000002D2B000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2D2B000
Size:	4096

Details

Name:	00000009.00000002.428375850.000002C74F800000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2C74F800000
Size:	4096

Details

Name:	00000005.00000003.310566044.0000021EB222D000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB222D000
Size:	40960

Details

Name:	00000000.00000002.523127061.000000000019B000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	19B000
Size:	20480

Details

Name:	00000001.00000002.523494717.0000018977F02000.00000004.00000020.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977F02000
Size:	53248

Details

Name:	00000002.00000002.523809953.00000257BE913000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BE913000
Size:	4096

Details

Name:	00000007.00000002.524046694.000001A2AF802000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF802000
Size:	65536

Details

Name:	00000004.00000002.523327339.0000027078C90000.00000004.00000020.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	27078C90000
Size:	8192

Details

Name:	00000000.00000002.523096475.0000000000030000.00000004.00000020.00040000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	30000
Size:	4096

Details

Name:	00000003.00000002.523283088.0000023FA04E0000.00000004.00000020.00040000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA04E0000
Size:	4096

Details

Name:	00000007.00000002.523520137.000001A2AEE58000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE58000
Size:	61440

Details

Name:	00000000.00000003.481196020.0000000002D2B000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	2D2B000
Size:	4096

Details

Name:	00000007.00000002.523248930.0000007C824FE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	7C824FE000
Size:	8192

Details

Name:	00000005.00000002.310724405.000000C66397E000.00000004.00000010.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	C66397E000
Size:	8192

Details

Name:	00000002.00000002.523177527.000000FCF3EFC000.00000004.00000010.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	FCF3EFC000
Size:	16384

Details

Name:	00000000.00000002.523928790.000000000336F000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	336F000
Size:	4096

Details

Name:	00000004.00000002.523306220.0000027078C20000.00000004.00000020.00040000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	27078C20000
Size:	4096

Details

Name:	00000001.00000002.523372870.0000018977E28000.00000004.00000020.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977E28000
Size:	77824

Details

Name:	00000005.00000002.310902031.0000021EB2242000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2242000
Size:	8192

Details

Name:	00000005.00000003.310213674.0000021EB2273000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2273000
Size:	53248

Details

Name:	00000002.00000002.523796087.00000257BE902000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BE902000
Size:	32768

Details

Name:	00000004.00000002.523618935.0000027078E77000.00000004.00000020.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	27078E77000
Size:	24576

Details

Name:	00000004.00000002.523230612.0000008DEDEFE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	8DEDEFE000
Size:	8192

Details

Name:	00000003.00000002.523327623.0000023FA05A0000.00000004.00000800.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	23FA05A0000
Size:	4096

Details

Name:	00000005.00000003.310314303.0000021EB2260000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2260000
Size:	4096

Details

Name:	00000008.00000002.523263976.000001A465640000.00000004.00000020.00040000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A465640000
Size:	4096

Details

Name:	00000000.00000000.255973139.000000000040D000.00000008.00000001.01000000.00000003.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown
Protect:	page write copy
Base address:	40D000
Size:	77824

Details

Name:	00000000.00000002.523467169.0000000000800000.00000004.00000020.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	800000
Size:	32768

Details

Name:	00000005.00000002.310888891.0000021EB2239000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2239000
Size:	4096

Details

Name:	00000004.00000002.523648747.0000027078F13000.00000004.00000020.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	27078F13000
Size:	4096

Details

Name:	00000007.00000003.299987595.000001A2AF722000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AF722000
Size:	131072

Details

Name:	00000007.00000002.523132522.0000007C81F7B000.00000004.00000010.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	7C81F7B000
Size:	20480

Details

Name:	00000003.00000002.523339349.0000023FA0600000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA0600000
Size:	4096

Details

Name:	00000007.00000002.523314004.000001A2AED30000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AED30000
Size:	8192

Details

Name:	00000007.00000002.523356107.000001A2AEE00000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE00000
Size:	73728

Details

Name:	00000009.00000002.428393353.000002C74F813000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2C74F813000
Size:	86016

Details

Name:	00000001.00000002.523397577.0000018977E3C000.00000004.00000020.00020000.00000000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	18977E3C000
Size:	98304

Details

Name:	00000008.00000002.523507579.000001A46585C000.00000004.00000020.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	1A46585C000
Size:	28672

Details

Name:	00000008.00000002.523532871.000001A466002000.00000004.00000800.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	1A466002000
Size:	4096

Details

Name:	00000003.00000003.284904943.0000023FA05D0000.00000004.00000400.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	remote allocation
Protect:	page read and write
Base address:	23FA05D0000
Size:	4096

Details

Name:	00000002.00000002.523775374.00000257BE8CC000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BE8CC000
Size:	98304

Details

Name:	00000004.00000002.523342230.0000027078D90000.00000004.00000800.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	trusted library allocation
Protect:	page read and write
Base address:	27078D90000
Size:	4096

Details

Name:	00000003.00000002.523519517.0000023FA063D000.00000004.00000020.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	23FA063D000
Size:	163840

Details

Name:	00000000.00000002.523797636.00000000021DE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	21DE000
Size:	8192

Details

Name:	00000009.00000002.428461774.000002C74F902000.00000004.00000020.00020000.00000000.sdmp
TargetID:	9
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	2C74F902000
Size:	16384

Details

Name:	00000004.00000003.284660183.0000027078E54000.00000004.00000020.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	27078E54000
Size:	20480

Details

Name:	00000002.00000002.523203045.000000FCF40FE000.00000004.00000010.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	FCF40FE000
Size:	8192

Details

Name:	00000008.00000002.523176308.00000024C1EFD000.00000004.00000010.00020000.00000000.sdmp
TargetID:	8
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	24C1EFD000
Size:	12288

Details

Name:	00000007.00000003.298455158.000001A2AEE43000.00000004.00000020.00020000.00000000.sdmp
TargetID:	7
Dumpstage:	free memory
Regiontype:	heap
Protect:	page read and write
Base address:	1A2AEE43000
Size:	53248

Details

Name:	00000005.00000002.311046721.0000021EB2279000.00000004.00000020.00020000.00000000.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	21EB2279000
Size:	4096

Details

Name:	00000000.00000002.523460386.000000000079C000.00000002.10000000.00040000.00000000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unclassified section
Protect:	page readonly
Base address:	79C000
Size:	4096

Details

Name:	00000003.00000002.523146303.000000F993F6B000.00000004.00000010.00020000.00000000.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	F993F6B000
Size:	20480

Details

Name:	00000002.00000002.523815892.00000257BF002000.00000004.00000020.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	257BF002000
Size:	4096

Details

Name:	00000002.00000002.523361221.000000FCF45FF000.00000004.00000010.00020000.00000000.sdmp
TargetID:	2
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	FCF45FF000
Size:	4096

Details

Name:	00000004.00000002.523356555.0000027078E02000.00000004.00000020.00020000.00000000.sdmp
TargetID:	4
Dumpstage:	process exit
Regiontype:	heap
Protect:	page read and write
Base address:	27078E02000
Size:	65536

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
server.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportserver.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
server.exe