222000
|
unknown
|
page readonly
|
|
|
Name: |
00000000.00000000.2124445370.0000000000222000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
222000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara signature match |
System Summary |
|
|
670000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583758075.0000000000670000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
670000
|
Size: |
4096
|
|
1B2C4000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585724317.000000001B2C4000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B2C4000
|
Size: |
49152
|
|
3C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583714549.00000000003C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3C0000
|
Size: |
4096
|
|
1B0C5000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585677069.000000001B0C5000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B0C5000
|
Size: |
45056
|
|
1B3CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585751209.000000001B3CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B3CE000
|
Size: |
8192
|
|
220000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2124419640.0000000000220000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
220000
|
Size: |
4096
|
|
7FF848D73000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4586152851.00007FF848D73000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848D73000
|
Size: |
4096
|
|
7FF848E56000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4586385844.00007FF848E56000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848E56000
|
Size: |
4096
|
|
24AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584226245.00000000024AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
24AE000
|
Size: |
8192
|
|
673000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583758075.0000000000673000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
673000
|
Size: |
20480
|
|
1AF1F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585641384.000000001AF1F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1AF1F000
|
Size: |
4096
|
|
6F2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583758075.00000000006F2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F2000
|
Size: |
4096
|
|
1B626000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585798294.000000001B626000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B626000
|
Size: |
12288
|
|
7FF848D74000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4586168429.00007FF848D74000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848D74000
|
Size: |
8192
|
|
2B2F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584307131.0000000002B2F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2B2F000
|
Size: |
1212416
|
|
2500000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4584274486.0000000002500000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2500000
|
Size: |
4096
|
|
7FF848E26000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4586339429.00007FF848E26000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848E26000
|
Size: |
4096
|
|
7FF848D80000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4586201355.00007FF848D80000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848D80000
|
Size: |
4096
|
|
1B61A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585798294.000000001B61A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B61A000
|
Size: |
40960
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
C40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584174973.0000000000C40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
C40000
|
Size: |
12288
|
|
7FF848E90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4586401167.00007FF848E90000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848E90000
|
Size: |
45056
|
|
6F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583758075.00000000006F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F4000
|
Size: |
241664
|
|
7FF848DCC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4586307993.00007FF848DCC000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848DCC000
|
Size: |
8192
|
|
7FF848D9D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4586292318.00007FF848D9D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848D9D000
|
Size: |
4096
|
|
1A640000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585538134.000000001A640000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1A640000
|
Size: |
4096
|
|
12621000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585388078.0000000012621000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12621000
|
Size: |
368640
|
|
850000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584022836.0000000000850000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
850000
|
Size: |
8192
|
|
12618000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585388078.0000000012618000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12618000
|
Size: |
28672
|
|
7FF44AB20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4586120621.00007FF44AB20000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF44AB20000
|
Size: |
4096
|
|
7FF848D94000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4586275644.00007FF848D94000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848D94000
|
Size: |
4096
|
|
653000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583758075.0000000000653000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
653000
|
Size: |
24576
|
|
22C000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2124466815.000000000022C000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
22C000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
1BBBB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4586079174.000000001BBBB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BBBB000
|
Size: |
20480
|
|
840000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584008778.0000000000840000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
840000
|
Size: |
4096
|
|
12611000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585388078.0000000012611000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12611000
|
Size: |
24576
|
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4586426787.00007FF848F10000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848F10000
|
Size: |
36864
|
|
1AB9D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585622015.000000001AB9D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1AB9D000
|
Size: |
12288
|
|
1A99D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585571199.000000001A99D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1A99D000
|
Size: |
4096
|
|
63D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583758075.000000000063D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
63D000
|
Size: |
28672
|
|
361000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583677352.0000000000361000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
361000
|
Size: |
61440
|
|
7FF848D70000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4586137319.00007FF848D70000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848D70000
|
Size: |
4096
|
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4586467342.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848F30000
|
Size: |
4096
|
|
1B1CA000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585702831.000000001B1CA000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B1CA000
|
Size: |
24576
|
|
260E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584290344.000000000260E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
260E000
|
Size: |
8192
|
|
8C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584070177.00000000008C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8C0000
|
Size: |
4096
|
|
7FF848D7D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4586184104.00007FF848D7D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848D7D000
|
Size: |
12288
|
|
1B5CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585782933.000000001B5CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B5CE000
|
Size: |
8192
|
|
1B660000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585798294.000000001B660000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B660000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
2611000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584307131.0000000002611000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2611000
|
Size: |
5361664
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
8F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584084890.00000000008F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8F0000
|
Size: |
12288
|
|
645000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583758075.0000000000645000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
645000
|
Size: |
53248
|
|
220000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.4583654385.0000000000220000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
220000
|
Size: |
4096
|
|
65A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583758075.000000000065A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
65A000
|
Size: |
86016
|
|
3E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583728076.00000000003E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3E0000
|
Size: |
12288
|
|
1B62A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585798294.000000001B62A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B62A000
|
Size: |
200704
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
600000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583742636.0000000000600000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
600000
|
Size: |
4096
|
|
C85000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584191222.0000000000C85000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
C85000
|
Size: |
24576
|
|
6A3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583758075.00000000006A3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6A3000
|
Size: |
303104
|
|
24C3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584241368.00000000024C3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
24C3000
|
Size: |
12288
|
|
7FF848D90000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4586259806.00007FF848D90000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848D90000
|
Size: |
4096
|
|
6EE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583758075.00000000006EE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6EE000
|
Size: |
12288
|
|
820000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583993343.0000000000820000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
820000
|
Size: |
8192
|
|
7FF848E2C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4586355704.00007FF848E2C000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848E2C000
|
Size: |
4096
|
|
1B4CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585767478.000000001B4CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B4CE000
|
Size: |
8192
|
|
1B5D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4585798294.000000001B5D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B5D0000
|
Size: |
299008
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
8F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584084890.00000000008F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8F5000
|
Size: |
24576
|
|
7FF848E30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4586371057.00007FF848E30000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848E30000
|
Size: |
4096
|
|
1AFC0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4585658420.000000001AFC0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1AFC0000
|
Size: |
4096
|
|
3B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583696991.00000000003B0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3B0000
|
Size: |
4096
|
|
7FF848D82000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4586201355.00007FF848D82000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848D82000
|
Size: |
45056
|
|
C0D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584158829.0000000000C0D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C0D000
|
Size: |
12288
|
|
69D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583758075.000000000069D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
69D000
|
Size: |
20480
|
|
A0D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584123794.0000000000A0D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
A0D000
|
Size: |
12288
|
|
8A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584055132.00000000008A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8A0000
|
Size: |
4096
|
|
C80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584191222.0000000000C80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
C80000
|
Size: |
12288
|
|
7FF848D8D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.4586241787.00007FF848D8D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF848D8D000
|
Size: |
12288
|
|
630000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4583758075.0000000000630000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
630000
|
Size: |
45056
|
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4586324269.00007FF848E20000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848E20000
|
Size: |
4096
|
|
853000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584022836.0000000000853000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
853000
|
Size: |
53248
|
|
24C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584241368.00000000024C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
24C0000
|
Size: |
8192
|
|
1BCBA000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4586100443.000000001BCBA000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BCBA000
|
Size: |
24576
|
|
1B9BC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4586058176.000000001B9BC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B9BC000
|
Size: |
16384
|
|
7FF848F20000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4586450655.00007FF848F20000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF848F20000
|
Size: |
8192
|
|
B0C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.4584141485.0000000000B0C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
B0C000
|
Size: |
16384
|
|