| Base address | Regiontype | Protect | Dumpstage | TargetID | Size | Name |
|---|---|---|---|---|---|---|
| 32000 | unkown | page readonly | process new | 0 | 36864 | 00000000.00000000.1469935431.0000000000032000.00000002.00000001.01000000.00000003.sdmp |
| 41F000 | heap | page read and write | process exit | 0 | 12288 | 00000000.00000002.3934258355.000000000041F000.00000004.00000020.00020000.00000000.sdmp |
| 1B97C000 | stack | page read and write | process exit | 0 | 16384 | 00000000.00000002.3936730246.000000001B97C000.00000004.00000010.00020000.00000000.sdmp |
| 7FFB4AF20000 | trusted library allocation | page read and write | process exit | 0 | 4096 | 00000000.00000002.3936784532.00007FFB4AF20000.00000004.00000800.00020000.00000000.sdmp |
| 43E000 | heap | page read and write | process exit | 0 | 4096 | 00000000.00000002.3934258355.000000000043E000.00000004.00000020.00020000.00000000.sdmp |
| 1A260000 | trusted library allocation | page read and write | process exit | 0 | 4096 | 00000000.00000002.3936174974.000000001A260000.00000004.00000800.00020000.00000000.sdmp |
| 7FFB4AF32000 | trusted library allocation | page read and write | process exit | 0 | 45056 | 00000000.00000002.3936842724.00007FFB4AF32000.00000004.00000800.00020000.00000000.sdmp |
| 1AC80000 | heap | page read and write | process exit | 0 | 8192 | 00000000.00000002.3936341997.000000001AC80000.00000004.00000020.00020000.00000000.sdmp |
| 7FFB4B0C0000 | trusted library allocation | page read and write | process exit | 0 | 36864 | 00000000.00000002.3937062100.00007FFB4B0C0000.00000004.00000800.00020000.00000000.sdmp |
| 42A000 | heap | page read and write | process exit | 0 | 77824 | 00000000.00000002.3934258355.000000000042A000.00000004.00000020.00020000.00000000.sdmp |
| 1AE84000 | stack | page read and write | process exit | 0 | 49152 | 00000000.00000002.3936401933.000000001AE84000.00000004.00000010.00020000.00000000.sdmp |
| 790000 | heap | page read and write | process exit | 0 | 12288 | 00000000.00000002.3934772650.0000000000790000.00000004.00000020.00020000.00000000.sdmp |
| 1B190000 | heap | page read and write | process exit | 0 | 176128 | 00000000.00000002.3936478722.000000001B190000.00000004.00000020.00020000.00000000.sdmp |
| 40C000 | heap | page read and write | process exit | 0 | 32768 | 00000000.00000002.3934258355.000000000040C000.00000004.00000020.00020000.00000000.sdmp |
| 760000 | trusted library allocation | page read and write | process exit | 0 | 8192 | 00000000.00000002.3934695911.0000000000760000.00000004.00000800.00020000.00000000.sdmp |
| 7FFB4AF2D000 | trusted library allocation | page execute and read and write | process exit | 0 | 12288 | 00000000.00000002.3936827365.00007FFB4AF2D000.00000040.00000800.00020000.00000000.sdmp |
| 3C000 | unkown | page readonly | process new | 0 | 4096 | 00000000.00000000.1469956381.000000000003C000.00000002.00000001.01000000.00000003.sdmp |
| 7FFB4AFD6000 | trusted library allocation | page read and write | process exit | 0 | 4096 | 00000000.00000002.3936975618.00007FFB4AFD6000.00000004.00000800.00020000.00000000.sdmp |
| 7FFB4AF4D000 | trusted library allocation | page execute and read and write | process exit | 0 | 4096 | 00000000.00000002.3936928243.00007FFB4AF4D000.00000040.00000800.00020000.00000000.sdmp |
| 222E000 | stack | page read and write | process exit | 0 | 8192 | 00000000.00000002.3934903179.000000000222E000.00000004.00000010.00020000.00000000.sdmp |
| 7FFB4B0D0000 | trusted library allocation | page read and write | process exit | 0 | 8192 | 00000000.00000002.3937084812.00007FFB4B0D0000.00000004.00000800.00020000.00000000.sdmp |
| 400000 | heap | page read and write | process exit | 0 | 45056 | 00000000.00000002.3934258355.0000000000400000.00000004.00000020.00020000.00000000.sdmp |
| 2231000 | trusted library allocation | page read and write | process exit | 0 | 6590464 | 00000000.00000002.3934920917.0000000002231000.00000004.00000800.00020000.00000000.sdmp |
| 7FFB4AF30000 | trusted library allocation | page read and write | process exit | 0 | 4096 | 00000000.00000002.3936842724.00007FFB4AF30000.00000004.00000800.00020000.00000000.sdmp |
| 7FFB4AF3D000 | trusted library allocation | page execute and read and write | process exit | 0 | 12288 | 00000000.00000002.3936880656.00007FFB4AF3D000.00000040.00000800.00020000.00000000.sdmp |
| 1AC7E000 | stack | page read and write | process exit | 0 | 8192 | 00000000.00000002.3936320504.000000001AC7E000.00000004.00000010.00020000.00000000.sdmp |
| 1BA7C000 | stack | page read and write | process exit | 0 | 16384 | 00000000.00000002.3936752489.000000001BA7C000.00000004.00000010.00020000.00000000.sdmp |
| 7FFB4AF40000 | trusted library allocation | page read and write | process exit | 0 | 4096 | 00000000.00000002.3936900060.00007FFB4AF40000.00000004.00000800.00020000.00000000.sdmp |
| 440000 | heap | page read and write | process exit | 0 | 4096 | 00000000.00000002.3934258355.0000000000440000.00000004.00000020.00020000.00000000.sdmp |
| 2110000 | heap | page execute and read and write | process exit | 0 | 4096 | 00000000.00000002.3934872457.0000000002110000.00000040.00000020.00020000.00000000.sdmp |
| 12241000 | trusted library allocation | page read and write | process exit | 0 | 364544 | 00000000.00000002.3936011877.0000000012241000.00000004.00000800.00020000.00000000.sdmp |
| 1B470000 | heap | page read and write | process exit | 0 | 12288 | 00000000.00000002.3936662568.000000001B470000.00000004.00000020.00020000.00000000.sdmp |
| 1B18E000 | stack | page read and write | process exit | 0 | 8192 | 00000000.00000002.3936464031.000000001B18E000.00000004.00000010.00020000.00000000.sdmp |
| 415000 | heap | page read and write | process exit | 0 | 36864 | 00000000.00000002.3934258355.0000000000415000.00000004.00000020.00020000.00000000.sdmp |
| 7FFB4AF23000 | trusted library allocation | page execute and read and write | process exit | 0 | 4096 | 00000000.00000002.3936797843.00007FFB4AF23000.00000040.00000800.00020000.00000000.sdmp |
| 2120000 | heap | page read and write | process exit | 0 | 4096 | 00000000.00000002.3934887459.0000000002120000.00000004.00000020.00020000.00000000.sdmp |
| 7FFB4B040000 | trusted library allocation | page execute and read and write | process exit | 0 | 45056 | 00000000.00000002.3937037404.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp |
| 795000 | heap | page read and write | process exit | 0 | 20480 | 00000000.00000002.3934772650.0000000000795000.00000004.00000020.00020000.00000000.sdmp |
| 1B87A000 | stack | page read and write | process exit | 0 | 24576 | 00000000.00000002.3936710691.000000001B87A000.00000004.00000010.00020000.00000000.sdmp |
| 1AD8A000 | stack | page read and write | process exit | 0 | 24576 | 00000000.00000002.3936380855.000000001AD8A000.00000004.00000010.00020000.00000000.sdmp |
| 6D0000 | heap | page read and write | process exit | 0 | 12288 | 00000000.00000002.3934624781.00000000006D0000.00000004.00000020.00020000.00000000.sdmp |
| 7FFB4AF7C000 | trusted library allocation | page execute and read and write | process exit | 0 | 8192 | 00000000.00000002.3936942268.00007FFB4AF7C000.00000040.00000800.00020000.00000000.sdmp |
| 7FFB4AF44000 | trusted library allocation | page read and write | process exit | 0 | 4096 | 00000000.00000002.3936914152.00007FFB4AF44000.00000004.00000800.00020000.00000000.sdmp |
| 7FFB4AFE0000 | trusted library allocation | page execute and read and write | process exit | 0 | 4096 | 00000000.00000002.3937007634.00007FFB4AFE0000.00000040.00000800.00020000.00000000.sdmp |
| 12238000 | trusted library allocation | page read and write | process exit | 0 | 28672 | 00000000.00000002.3936011877.0000000012238000.00000004.00000800.00020000.00000000.sdmp |
| 1B1BC000 | heap | page read and write | process exit | 0 | 151552 | 00000000.00000002.3936478722.000000001B1BC000.00000004.00000020.00020000.00000000.sdmp |
| 7FFB4AF24000 | trusted library allocation | page read and write | process exit | 0 | 8192 | 00000000.00000002.3936812362.00007FFB4AF24000.00000004.00000800.00020000.00000000.sdmp |
| 7FFB4AFDC000 | trusted library allocation | page execute and read and write | process exit | 0 | 4096 | 00000000.00000002.3936992022.00007FFB4AFDC000.00000040.00000800.00020000.00000000.sdmp |
| 1A7BC000 | stack | page read and write | process exit | 0 | 16384 | 00000000.00000002.3936258896.000000001A7BC000.00000004.00000010.00020000.00000000.sdmp |
| 1AC3E000 | stack | page read and write | process exit | 0 | 8192 | 00000000.00000002.3936303534.000000001AC3E000.00000004.00000010.00020000.00000000.sdmp |
| 750000 | trusted library allocation | page read and write | process exit | 0 | 4096 | 00000000.00000002.3934677950.0000000000750000.00000004.00000800.00020000.00000000.sdmp |
| 775000 | heap | page read and write | process exit | 0 | 28672 | 00000000.00000002.3934733138.0000000000775000.00000004.00000020.00020000.00000000.sdmp |
| 89E000 | stack | page read and write | process exit | 0 | 8192 | 00000000.00000002.3934813180.000000000089E000.00000004.00000010.00020000.00000000.sdmp |
| 1AF8E000 | stack | page read and write | process exit | 0 | 8192 | 00000000.00000002.3936430491.000000001AF8E000.00000004.00000010.00020000.00000000.sdmp |
| 479000 | heap | page read and write | process exit | 0 | 303104 | 00000000.00000002.3934258355.0000000000479000.00000004.00000020.00020000.00000000.sdmp |
| 2090000 | heap | page read and write | process exit | 0 | 4096 | 00000000.00000002.3934849932.0000000002090000.00000004.00000020.00020000.00000000.sdmp |
| 1D0000 | heap | page read and write | process exit | 0 | 4096 | 00000000.00000002.3934242530.00000000001D0000.00000004.00000020.00020000.00000000.sdmp |
| 730000 | trusted library allocation | page read and write | process exit | 0 | 8192 | 00000000.00000002.3934660082.0000000000730000.00000004.00000800.00020000.00000000.sdmp |
| 1B08E000 | stack | page read and write | process exit | 0 | 8192 | 00000000.00000002.3936448525.000000001B08E000.00000004.00000010.00020000.00000000.sdmp |
| 423000 | heap | page read and write | process exit | 0 | 24576 | 00000000.00000002.3934258355.0000000000423000.00000004.00000020.00020000.00000000.sdmp |
| 770000 | heap | page read and write | process exit | 0 | 12288 | 00000000.00000002.3934733138.0000000000770000.00000004.00000020.00020000.00000000.sdmp |
| 2080000 | heap | page execute and read and write | process exit | 0 | 4096 | 00000000.00000002.3934832738.0000000002080000.00000040.00000020.00020000.00000000.sdmp |
| 1B67A000 | stack | page read and write | process exit | 0 | 24576 | 00000000.00000002.3936684817.000000001B67A000.00000004.00000010.00020000.00000000.sdmp |
| 12231000 | trusted library allocation | page read and write | process exit | 0 | 24576 | 00000000.00000002.3936011877.0000000012231000.00000004.00000800.00020000.00000000.sdmp |
| 1B1F7000 | heap | page read and write | process exit | 0 | 98304 | 00000000.00000002.3936478722.000000001B1F7000.00000004.00000020.00020000.00000000.sdmp |
| 46E000 | heap | page read and write | process exit | 0 | 40960 | 00000000.00000002.3934258355.000000000046E000.00000004.00000020.00020000.00000000.sdmp |
| 4C4000 | heap | page read and write | process exit | 0 | 241664 | 00000000.00000002.3934258355.00000000004C4000.00000004.00000020.00020000.00000000.sdmp |
| 1AC83000 | heap | page read and write | process exit | 0 | 12288 | 00000000.00000002.3936341997.000000001AC83000.00000004.00000020.00020000.00000000.sdmp |
| 1B1E6000 | heap | page read and write | process exit | 0 | 61440 | 00000000.00000002.3936478722.000000001B1E6000.00000004.00000020.00020000.00000000.sdmp |
| 1ABF5000 | stack | page read and write | process exit | 0 | 45056 | 00000000.00000002.3936280009.000000001ABF5000.00000004.00000010.00020000.00000000.sdmp |
| 7FFB4B006000 | trusted library allocation | page execute and read and write | process exit | 0 | 4096 | 00000000.00000002.3937023108.00007FFB4B006000.00000040.00000800.00020000.00000000.sdmp |
| 7FF4E1E60000 | trusted library allocation | page execute and read and write | process exit | 0 | 4096 | 00000000.00000002.3936769464.00007FF4E1E60000.00000040.00000800.00020000.00000000.sdmp |
| 7FFB4B0E0000 | trusted library allocation | page execute and read and write | process exit | 0 | 4096 | 00000000.00000002.3937101820.00007FFB4B0E0000.00000040.00000800.00020000.00000000.sdmp |
| 30000 | unkown | page readonly | process new | 0 | 4096 | 00000000.00000000.1469906826.0000000000030000.00000002.00000001.01000000.00000003.sdmp |
| 763000 | trusted library allocation | page read and write | process exit | 0 | 53248 | 00000000.00000002.3934695911.0000000000763000.00000004.00000800.00020000.00000000.sdmp |
| 442000 | heap | page read and write | process exit | 0 | 28672 | 00000000.00000002.3934258355.0000000000442000.00000004.00000020.00020000.00000000.sdmp |
| 6CE000 | stack | page read and write | process exit | 0 | 8192 | 00000000.00000002.3934607610.00000000006CE000.00000004.00000010.00020000.00000000.sdmp |
| 30000 | unkown | page readonly | process exit | 0 | 4096 | 00000000.00000002.3934183846.0000000000030000.00000002.00000001.01000000.00000003.sdmp |
| 1A5BC000 | heap | page read and write | process exit | 0 | 4096 | 00000000.00000002.3936207868.000000001A5BC000.00000004.00000020.00020000.00000000.sdmp |
| 7FFB4AFD0000 | trusted library allocation | page read and write | process exit | 0 | 4096 | 00000000.00000002.3936958709.00007FFB4AFD0000.00000004.00000800.00020000.00000000.sdmp |
| 171000 | stack | page read and write | process exit | 0 | 61440 | 00000000.00000002.3934206619.0000000000171000.00000004.00000010.00020000.00000000.sdmp |
| 6F0000 | heap | page read and write | process exit | 0 | 4096 | 00000000.00000002.3934642617.00000000006F0000.00000004.00000020.00020000.00000000.sdmp |
| 1C0000 | heap | page read and write | process exit | 0 | 4096 | 00000000.00000002.3934225417.00000000001C0000.00000004.00000020.00040000.00000000.sdmp |

| Dump (base address) | Signature Hits | Behavior Group | Mitre Attack |
|---|---|---|---|
| 32000 | Yara detected XWorm | Stealing of Sensitive Information, Remote Access Functionality | |
| 32000 | Yara signature match | System Summary | |
| 1B190000 | AV process strings found (often used to terminate AV products) | Lowering of HIPS / PFW / Operating System Security Settings | Security Software Discovery |
| 1B190000 | May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) | Malware Analysis System Evasion | Security Software Discovery |
| 3C000 | Sample file is different than original file name gathered from version info | System Summary | |
| 2231000 | URLs found in memory or binary data | Networking | |
| 1B1BC000 | AV process strings found (often used to terminate AV products) | Lowering of HIPS / PFW / Operating System Security Settings | Security Software Discovery |
| 1B1F7000 | AV process strings found (often used to terminate AV products) | Lowering of HIPS / PFW / Operating System Security Settings | Security Software Discovery |
| 4C4000 | AV process strings found (often used to terminate AV products) | Lowering of HIPS / PFW / Operating System Security Settings | Security Software Discovery |
| 1B1E6000 | AV process strings found (often used to terminate AV products) | Lowering of HIPS / PFW / Operating System Security Settings | Security Software Discovery |