All memory dumps below belong to TargetID 0.

| Base address | Size (bytes) | Region type | Protect | Dump stage | Dump file | Signature hits [behavior group; MITRE ATT&CK] |
|---|---|---|---|---|---|---|
| DF2000 | 36864 | unknown | page readonly | process new | 00000000.00000000.1442608108.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp | Yara detected XWorm [Stealing of Sensitive Information, Remote Access Functionality]; Yara signature match [System Summary] |
| 7FFB4AF30000 | 4096 | trusted library allocation | page execute and read and write | process exit | 00000000.00000002.3896138511.00007FFB4AF30000.00000040.00000800.00020000.00000000.sdmp | |
| 1700000 | 8192 | trusted library allocation | page read and write | process exit | 00000000.00000002.3892904302.0000000001700000.00000004.00000800.00020000.00000000.sdmp | |
| 11B0000 | 12288 | heap | page read and write | process exit | 00000000.00000002.3891440183.00000000011B0000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFB4AD9D000 | 4096 | trusted library allocation | page execute and read and write | process exit | 00000000.00000002.3895941227.00007FFB4AD9D000.00000040.00000800.00020000.00000000.sdmp | |
| 1131000 | 61440 | stack | page read and write | process exit | 00000000.00000002.3891387456.0000000001131000.00000004.00000010.00020000.00000000.sdmp | |
| 1C04E000 | 8192 | stack | page read and write | process exit | 00000000.00000002.3895422908.000000001C04E000.00000004.00000010.00020000.00000000.sdmp | |
| 1C050000 | 286720 | heap | page read and write | process exit | 00000000.00000002.3895440420.000000001C050000.00000004.00000020.00020000.00000000.sdmp | AV process strings found (often used to terminate AV products) [Lowering of HIPS / PFW / Operating System Security Settings; MITRE: Security Software Discovery]; May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) [Malware Analysis System Evasion; MITRE: Security Software Discovery] |
| 12A1000 | 12288 | heap | page read and write | process exit | 00000000.00000002.3891511058.00000000012A1000.00000004.00000020.00020000.00000000.sdmp | |
| 1750000 | 12288 | heap | page read and write | process exit | 00000000.00000002.3893265712.0000000001750000.00000004.00000020.00020000.00000000.sdmp | |
| 1B464000 | 4096 | heap | page read and write | process exit | 00000000.00000002.3895175213.000000001B464000.00000004.00000020.00020000.00000000.sdmp | |
| 1C7CC000 | 16384 | stack | page read and write | process exit | 00000000.00000002.3895740169.000000001C7CC000.00000004.00000010.00020000.00000000.sdmp | |
| 12F5000 | 4096 | heap | page read and write | process exit | 00000000.00000002.3891511058.00000000012F5000.00000004.00000020.00020000.00000000.sdmp | |
| 150C000 | 16384 | stack | page read and write | process exit | 00000000.00000002.3892700886.000000000150C000.00000004.00000010.00020000.00000000.sdmp | |
| 7FFB4AE90000 | 45056 | trusted library allocation | page execute and read and write | process exit | 00000000.00000002.3896065951.00007FFB4AE90000.00000040.00000800.00020000.00000000.sdmp | |
| 1200000 | 12288 | heap | page read and write | process exit | 00000000.00000002.3891472098.0000000001200000.00000004.00000020.00020000.00000000.sdmp | |
| DF0000 | 4096 | unknown | page readonly | process exit | 00000000.00000002.3891364457.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp | |
| 12A5000 | 323584 | heap | page read and write | process exit | 00000000.00000002.3891511058.00000000012A5000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFB4AE56000 | 4096 | trusted library allocation | page execute and read and write | process exit | 00000000.00000002.3896049958.00007FFB4AE56000.00000040.00000800.00020000.00000000.sdmp | |
| 7FFB4AE30000 | 4096 | trusted library allocation | page execute and read and write | process exit | 00000000.00000002.3896030407.00007FFB4AE30000.00000040.00000800.00020000.00000000.sdmp | |
| 7FFB4AD90000 | 4096 | trusted library allocation | page read and write | process exit | 00000000.00000002.3895907719.00007FFB4AD90000.00000004.00000800.00020000.00000000.sdmp | |
| 130E8000 | 28672 | trusted library allocation | page read and write | process exit | 00000000.00000002.3894960511.00000000130E8000.00000004.00000800.00020000.00000000.sdmp | |
| 125B000 | 36864 | heap | page read and write | process exit | 00000000.00000002.3891511058.000000000125B000.00000004.00000020.00020000.00000000.sdmp | |
| 30D0000 | 4096 | heap | page read and write | process exit | 00000000.00000002.3893723357.00000000030D0000.00000004.00000020.00020000.00000000.sdmp | |
| DF0000 | 4096 | unknown | page readonly | process new | 00000000.00000000.1442592307.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp | |
| 1BAEE000 | 8192 | stack | page read and write | process exit | 00000000.00000002.3895279939.000000001BAEE000.00000004.00000010.00020000.00000000.sdmp | |
| 1BF4E000 | 8192 | stack | page read and write | process exit | 00000000.00000002.3895404860.000000001BF4E000.00000004.00000010.00020000.00000000.sdmp | |
| 1C0B9000 | 106496 | heap | page read and write | process exit | 00000000.00000002.3895440420.000000001C0B9000.00000004.00000020.00020000.00000000.sdmp | AV process strings found (often used to terminate AV products) [Lowering of HIPS / PFW / Operating System Security Settings; MITRE: Security Software Discovery] |
| 130E1000 | 24576 | trusted library allocation | page read and write | process exit | 00000000.00000002.3894960511.00000000130E1000.00000004.00000800.00020000.00000000.sdmp | |
| 1245000 | 86016 | heap | page read and write | process exit | 00000000.00000002.3891511058.0000000001245000.00000004.00000020.00020000.00000000.sdmp | |
| 1C6CA000 | 24576 | stack | page read and write | process exit | 00000000.00000002.3895715774.000000001C6CA000.00000004.00000010.00020000.00000000.sdmp | |
| 1733000 | 53248 | trusted library allocation | page read and write | process exit | 00000000.00000002.3893097704.0000000001733000.00000004.00000800.00020000.00000000.sdmp | |
| 1C4CE000 | 8192 | stack | page read and write | process exit | 00000000.00000002.3895679454.000000001C4CE000.00000004.00000010.00020000.00000000.sdmp | |
| 1265000 | 49152 | heap | page read and write | process exit | 00000000.00000002.3891511058.0000000001265000.00000004.00000020.00020000.00000000.sdmp | |
| DFC000 | 4096 | unknown | page readonly | process new | 00000000.00000000.1442623913.0000000000DFC000.00000002.00000001.01000000.00000003.sdmp | Sample file is different than original file name gathered from version info [System Summary] |
| 1BB40000 | 4096 | heap | page execute and read and write | process exit | 00000000.00000002.3895317941.000000001BB40000.00000040.00000020.00020000.00000000.sdmp | |
| 7FF4A8030000 | 4096 | trusted library allocation | page execute and read and write | process exit | 00000000.00000002.3895762356.00007FF4A8030000.00000040.00000800.00020000.00000000.sdmp | |
| 1B110000 | 4096 | trusted library allocation | page read and write | process exit | 00000000.00000002.3895140619.000000001B110000.00000004.00000800.00020000.00000000.sdmp | |
| 1272000 | 8192 | heap | page read and write | process exit | 00000000.00000002.3891511058.0000000001272000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFB4AE20000 | 4096 | trusted library allocation | page read and write | process exit | 00000000.00000002.3895979149.00007FFB4AE20000.00000004.00000800.00020000.00000000.sdmp | |
| 2F50000 | 4096 | heap | page execute and read and write | process exit | 00000000.00000002.3893692185.0000000002F50000.00000040.00000020.00020000.00000000.sdmp | |
| 7FFB4AD74000 | 8192 | trusted library allocation | page read and write | process exit | 00000000.00000002.3895811924.00007FFB4AD74000.00000004.00000800.00020000.00000000.sdmp | |
| 1180000 | 4096 | heap | page read and write | process exit | 00000000.00000002.3891406109.0000000001180000.00000004.00000020.00040000.00000000.sdmp | |
| 11D0000 | 4096 | heap | page read and write | process exit | 00000000.00000002.3891456885.00000000011D0000.00000004.00000020.00020000.00000000.sdmp | |
| 1316000 | 102400 | heap | page read and write | process exit | 00000000.00000002.3891511058.0000000001316000.00000004.00000020.00020000.00000000.sdmp | |
| 1755000 | 28672 | heap | page read and write | process exit | 00000000.00000002.3893265712.0000000001755000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFB4AD73000 | 4096 | trusted library allocation | page execute and read and write | process exit | 00000000.00000002.3895796039.00007FFB4AD73000.00000040.00000800.00020000.00000000.sdmp | |
| 12F8000 | 118784 | heap | page read and write | process exit | 00000000.00000002.3891511058.00000000012F8000.00000004.00000020.00020000.00000000.sdmp | AV process strings found (often used to terminate AV products) [Lowering of HIPS / PFW / Operating System Security Settings; MITRE: Security Software Discovery] |
| 2F23000 | 12288 | heap | page read and write | process exit | 00000000.00000002.3893536077.0000000002F23000.00000004.00000020.00020000.00000000.sdmp | |
| 1C2C0000 | 12288 | heap | page read and write | process exit | 00000000.00000002.3895658778.000000001C2C0000.00000004.00000020.00020000.00000000.sdmp | |
| 1BB2F000 | 4096 | stack | page read and write | process exit | 00000000.00000002.3895300640.000000001BB2F000.00000004.00000010.00020000.00000000.sdmp | |
| 7FFB4AE2C000 | 4096 | trusted library allocation | page execute and read and write | process exit | 00000000.00000002.3896009969.00007FFB4AE2C000.00000040.00000800.00020000.00000000.sdmp | |
| 160C000 | 16384 | stack | page read and write | process exit | 00000000.00000002.3892819085.000000000160C000.00000004.00000010.00020000.00000000.sdmp | |
| 7FFB4AD80000 | 4096 | trusted library allocation | page read and write | process exit | 00000000.00000002.3895846297.00007FFB4AD80000.00000004.00000800.00020000.00000000.sdmp | |
| 1C0AC000 | 49152 | heap | page read and write | process exit | 00000000.00000002.3895440420.000000001C0AC000.00000004.00000020.00020000.00000000.sdmp | |
| 1BC4A000 | 24576 | stack | page read and write | process exit | 00000000.00000002.3895334751.000000001BC4A000.00000004.00000010.00020000.00000000.sdmp | |
| 7FFB4AE26000 | 4096 | trusted library allocation | page read and write | process exit | 00000000.00000002.3895995444.00007FFB4AE26000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFB4AD94000 | 4096 | trusted library allocation | page read and write | process exit | 00000000.00000002.3895923376.00007FFB4AD94000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFB4AD70000 | 4096 | trusted library allocation | page read and write | process exit | 00000000.00000002.3895780418.00007FFB4AD70000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFB4AD7D000 | 12288 | trusted library allocation | page execute and read and write | process exit | 00000000.00000002.3895828749.00007FFB4AD7D000.00000040.00000800.00020000.00000000.sdmp | |
| 7FFB4AF10000 | 36864 | trusted library allocation | page read and write | process exit | 00000000.00000002.3896092882.00007FFB4AF10000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFB4AD8D000 | 12288 | trusted library allocation | page execute and read and write | process exit | 00000000.00000002.3895888880.00007FFB4AD8D000.00000040.00000800.00020000.00000000.sdmp | |
| 1C5CE000 | 8192 | stack | page read and write | process exit | 00000000.00000002.3895697184.000000001C5CE000.00000004.00000010.00020000.00000000.sdmp | |
| 1190000 | 4096 | heap | page read and write | process exit | 00000000.00000002.3891424349.0000000001190000.00000004.00000020.00020000.00000000.sdmp | |
| 31C1000 | 5672960 | trusted library allocation | page read and write | process exit | 00000000.00000002.3893737939.00000000031C1000.00000004.00000800.00020000.00000000.sdmp | |
| 1720000 | 4096 | trusted library allocation | page read and write | process exit | 00000000.00000002.3892976837.0000000001720000.00000004.00000800.00020000.00000000.sdmp | |
| 123C000 | 32768 | heap | page read and write | process exit | 00000000.00000002.3891511058.000000000123C000.00000004.00000020.00020000.00000000.sdmp | |
| 30E1000 | 913408 | trusted library allocation | page read and write | process exit | 00000000.00000002.3893737939.00000000030E1000.00000004.00000800.00020000.00000000.sdmp | URLs found in memory or binary data [Networking] |
| 1B66D000 | 12288 | stack | page read and write | process exit | 00000000.00000002.3895228453.000000001B66D000.00000004.00000010.00020000.00000000.sdmp | |
| 1BD44000 | 49152 | stack | page read and write | process exit | 00000000.00000002.3895357267.000000001BD44000.00000004.00000010.00020000.00000000.sdmp | |
| 2F30000 | 4096 | heap | page read and write | process exit | 00000000.00000002.3893677483.0000000002F30000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFB4AF20000 | 8192 | trusted library allocation | page read and write | process exit | 00000000.00000002.3896118960.00007FFB4AF20000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFB4ADCC000 | 8192 | trusted library allocation | page execute and read and write | process exit | 00000000.00000002.3895962599.00007FFB4ADCC000.00000040.00000800.00020000.00000000.sdmp | |
| 1275000 | 20480 | heap | page read and write | process exit | 00000000.00000002.3891511058.0000000001275000.00000004.00000020.00020000.00000000.sdmp | |
| 1730000 | 8192 | trusted library allocation | page read and write | process exit | 00000000.00000002.3893097704.0000000001730000.00000004.00000800.00020000.00000000.sdmp | |
| 1BE4E000 | 8192 | stack | page read and write | process exit | 00000000.00000002.3895385967.000000001BE4E000.00000004.00000010.00020000.00000000.sdmp | |
| 1230000 | 45056 | heap | page read and write | process exit | 00000000.00000002.3891511058.0000000001230000.00000004.00000020.00020000.00000000.sdmp | |
| 1205000 | 20480 | heap | page read and write | process exit | 00000000.00000002.3891472098.0000000001205000.00000004.00000020.00020000.00000000.sdmp | |
| 130F1000 | 368640 | trusted library allocation | page read and write | process exit | 00000000.00000002.3894960511.00000000130F1000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFB4AD82000 | 45056 | trusted library allocation | page read and write | process exit | 00000000.00000002.3895846297.00007FFB4AD82000.00000004.00000800.00020000.00000000.sdmp | |
| 1C099000 | 73728 | heap | page read and write | process exit | 00000000.00000002.3895440420.000000001C099000.00000004.00000020.00020000.00000000.sdmp | AV process strings found (often used to terminate AV products) [Lowering of HIPS / PFW / Operating System Security Settings; MITRE: Security Software Discovery] |
| 2F20000 | 8192 | heap | page read and write | process exit | 00000000.00000002.3893536077.0000000002F20000.00000004.00000020.00020000.00000000.sdmp | |
| 1BAA5000 | 45056 | stack | page read and write | process exit | 00000000.00000002.3895251953.000000001BAA5000.00000004.00000010.00020000.00000000.sdmp | |
| 305E000 | 8192 | stack | page read and write | process exit | 00000000.00000002.3893708717.000000000305E000.00000004.00000010.00020000.00000000.sdmp | |
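The dump-file names above encode the same fields as the surrounding columns: target, dump stage, a per-dump number, base address, protection, region kind and memory type. The parser below is an added example, not code from the report, from the sandbox vendor or from the sample. The PAGE_* and MEM_* values it uses are the documented Win32 constants (0x02 PAGE_READONLY, 0x04 PAGE_READWRITE, 0x40 PAGE_EXECUTE_READWRITE; 0x20000 MEM_PRIVATE, 0x40000 MEM_MAPPED, 0x1000000 MEM_IMAGE). The mapping of the second field to the dump stage (0 = process new, 2 = process exit) and of the sixth field to the region kind (0x01 unknown, 0x10 stack, 0x20 heap, 0x800 trusted library allocation) is an assumption read off this page's own entries; the third field is treated as an opaque group id, because on this page it is shared by sub-ranges of one allocation (for instance the 130E1000, 130E8000 and 130F1000 entries). With that decoded, the example flags the writable-and-executable regions that are not image-backed, which are the dumps to put through a Yara pass first, and collapses page-granular dumps that share a group id into one range.

```python
"""Decode the .sdmp dump-file names from the table above.

Added example; not code from the report, from the sandbox vendor or from the
sample. PAGE_* and MEM_* are the documented Win32 constants. DUMP_STAGE and
REGION_KIND are assumptions read off this page's own entries and nothing more.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

PAGE_PROTECT = {  # low byte of MEMORY_BASIC_INFORMATION.Protect
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
# Assumed sandbox-specific codes: filename field 2 and field 6 on this page.
DUMP_STAGE = {0x0: "process new", 0x2: "process exit"}
REGION_KIND = {0x01: "unknown", 0x10: "stack", 0x20: "heap", 0x800: "trusted library allocation"}

_SDMP = re.compile(
    r"^([0-9a-f]{8})\.([0-9a-f]{8})\.(\d+)\.([0-9a-f]{16})"
    r"\.([0-9a-f]{8})\.([0-9a-f]{8})\.([0-9a-f]{8})\.([0-9a-f]{8})\.sdmp$", re.I)


@dataclass(frozen=True)
class Region:
    target_id: int
    stage: str
    dump_id: str      # filename field 3; shared by sub-ranges of one allocation on this page
    base: int
    protect: int
    kind: str
    mem_type: str
    size: int         # bytes, from the table; the name does not carry it

    @property
    def end(self) -> int:
        return self.base + self.size

    @property
    def protect_name(self) -> str:
        name = PAGE_PROTECT.get(self.protect & 0xFF, f"protect 0x{self.protect:x}")
        return name + ("|PAGE_GUARD" if self.protect & 0x100 else "")

    @property
    def executable(self) -> bool:
        return bool(self.protect & 0xF0)   # any PAGE_EXECUTE* value

    @property
    def writable(self) -> bool:
        return bool(self.protect & 0xCC)   # READWRITE, WRITECOPY and their EXECUTE forms


def parse_sdmp(name: str, size: int) -> Region:
    m = _SDMP.match(name)
    if m is None:
        raise ValueError(f"not an .sdmp dump name: {name!r}")
    target, stage, dump_id, base, protect, kind, mtype, _state = m.groups()
    return Region(
        target_id=int(target, 16),
        stage=DUMP_STAGE.get(int(stage, 16), f"stage 0x{int(stage, 16):x}"),
        dump_id=dump_id,
        base=int(base, 16),
        protect=int(protect, 16),
        kind=REGION_KIND.get(int(kind, 16), f"kind 0x{int(kind, 16):x}"),
        mem_type=MEM_TYPE.get(int(mtype, 16), f"type 0x{int(mtype, 16):x}"),
        size=size,
    )


def scan_first(regions):
    """Dumps to Yara-scan before the rest: writable and executable memory that is
    not backed by an image section, i.e. where unpacked or JIT-emitted code lands."""
    hits = [r for r in regions if r.executable and r.writable and r.mem_type != "MEM_IMAGE"]
    return sorted(hits, key=lambda r: r.base)


def group_by_dump_id(regions):
    """Collapse page-granular dumps that share field 3 into (lowest base, highest end, bytes)."""
    groups = defaultdict(list)
    for r in regions:
        groups[r.dump_id].append(r)
    return {k: (min(r.base for r in v), max(r.end for r in v), sum(r.size for r in v))
            for k, v in groups.items()}


# Constructed input: (name, size) pairs copied from the table above.
SAMPLE = [
    ("00000000.00000000.1442608108.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp", 36864),
    ("00000000.00000002.3896138511.00007FFB4AF30000.00000040.00000800.00020000.00000000.sdmp", 4096),
    ("00000000.00000002.3891406109.0000000001180000.00000004.00000020.00040000.00000000.sdmp", 4096),
    ("00000000.00000002.3894960511.00000000130E1000.00000004.00000800.00020000.00000000.sdmp", 24576),
    ("00000000.00000002.3894960511.00000000130E8000.00000004.00000800.00020000.00000000.sdmp", 28672),
    ("00000000.00000002.3894960511.00000000130F1000.00000004.00000800.00020000.00000000.sdmp", 368640),
]

if __name__ == "__main__":
    regs = [parse_sdmp(n, s) for n, s in SAMPLE]
    for r in regs:
        print(f"{r.base:#014x}-{r.end:#014x} {r.protect_name:<22} {r.mem_type:<11} {r.kind:<26} {r.stage}")
    print("scan first:", [hex(r.base) for r in scan_first(regs)])
    print("by dump id:", {k: (hex(lo), hex(hi), n) for k, (lo, hi, n) in group_by_dump_id(regs).items()})
```

Run against the full table, `scan_first` returns the 7FFB4A…/7FF4A8030000 trusted-library regions plus the two RWX heap pages at 1BB40000 and 2F50000, while the Yara hit for XWorm sits on the image-backed, read-only DF2000 dump taken at process start, so on this sample the detection fires on the loaded module itself rather than on a later RWX region. The hard-coded region-kind codes are the weak point of the parser: if a report contains a sixth-field value not in REGION_KIND, the decoder reports it as `kind 0x…` instead of guessing.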