842000
|
unknown
|
page readonly
|
malicious |
|
|
Name: |
00000000.00000000.1365302764.0000000000842000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
842000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara signature match |
System Summary |
|
|
7FF887B90000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339486951.00007FF887B90000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF887B90000
|
Size: |
4096
|
|
2AAF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337255961.0000000002AAF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2AAF000
|
Size: |
4096
|
|
84C000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1365320117.000000000084C000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
84C000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
F9E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337072040.0000000000F9E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
F9E000
|
Size: |
8192
|
|
E97000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336671495.0000000000E97000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E97000
|
Size: |
32768
|
|
840000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1365283511.0000000000840000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
840000
|
Size: |
4096
|
|
DA0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336671495.0000000000DA0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
DA0000
|
Size: |
45056
|
|
7FF887D50000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2339925351.00007FF887D50000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF887D50000
|
Size: |
4096
|
|
7FF887C50000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2339795171.00007FF887C50000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF887C50000
|
Size: |
4096
|
|
7FF887C4C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2339772581.00007FF887C4C000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF887C4C000
|
Size: |
4096
|
|
2BE0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337305908.0000000002BE0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2BE0000
|
Size: |
2637824
|
|
1BDC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339320543.000000001BDC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BDC0000
|
Size: |
12288
|
|
DDF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336671495.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
DDF000
|
Size: |
8192
|
|
7FF887C46000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339752810.00007FF887C46000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF887C46000
|
Size: |
4096
|
|
1BA4F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339103219.000000001BA4F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BA4F000
|
Size: |
4096
|
|
1BB4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339128886.000000001BB4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BB4E000
|
Size: |
8192
|
|
981000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336426690.0000000000981000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
981000
|
Size: |
61440
|
|
7FF887BA0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339580529.00007FF887BA0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF887BA0000
|
Size: |
4096
|
|
12B91000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338614358.0000000012B91000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12B91000
|
Size: |
364544
|
|
D83000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336630982.0000000000D83000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
D83000
|
Size: |
53248
|
|
1C1CA000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339372312.000000001C1CA000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1C1CA000
|
Size: |
24576
|
|
7FF887B93000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2339510233.00007FF887B93000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF887B93000
|
Size: |
4096
|
|
7FF887B9D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2339556382.00007FF887B9D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF887B9D000
|
Size: |
12288
|
|
10D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337098581.00000000010D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
10D0000
|
Size: |
4096
|
|
7FF887BBD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2339693155.00007FF887BBD000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF887BBD000
|
Size: |
4096
|
|
11DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337181454.00000000011DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
11DE000
|
Size: |
8192
|
|
9D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336450307.00000000009D0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D0000
|
Size: |
4096
|
|
1C3CC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339430286.000000001C3CC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1C3CC000
|
Size: |
16384
|
|
E64000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336671495.0000000000E64000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E64000
|
Size: |
204800
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
1AF02000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338798586.000000001AF02000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1AF02000
|
Size: |
4096
|
|
D10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336557306.0000000000D10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
D10000
|
Size: |
4096
|
|
1B844000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339035298.000000001B844000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B844000
|
Size: |
49152
|
|
2E6C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337305908.0000000002E6C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2E6C000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
7FF887BB4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339673402.00007FF887BB4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF887BB4000
|
Size: |
4096
|
|
1B10C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338852008.000000001B10C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B10C000
|
Size: |
16384
|
|
DD1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336671495.0000000000DD1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
DD1000
|
Size: |
53248
|
|
D80000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336630982.0000000000D80000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
D80000
|
Size: |
8192
|
|
DCA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336671495.0000000000DCA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
DCA000
|
Size: |
16384
|
|
2BCE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337305908.0000000002BCE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2BCE000
|
Size: |
69632
|
|
1200000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337202945.0000000001200000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1200000
|
Size: |
12288
|
|
1B658000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338976688.000000001B658000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B658000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
1205000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337202945.0000000001205000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1205000
|
Size: |
16384
|
|
7FF887CB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2339834915.00007FF887CB0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF887CB0000
|
Size: |
45056
|
|
DE2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336671495.0000000000DE2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
DE2000
|
Size: |
20480
|
|
7FF887BAD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2339630860.00007FF887BAD000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF887BAD000
|
Size: |
12288
|
|
2E65000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337305908.0000000002E65000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2E65000
|
Size: |
24576
|
|
2E6E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337305908.0000000002E6E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2E6E000
|
Size: |
3526656
|
|
2B81000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337305908.0000000002B81000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2B81000
|
Size: |
311296
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
1B740000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2339006004.000000001B740000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1B740000
|
Size: |
4096
|
|
119E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337151955.000000000119E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
119E000
|
Size: |
8192
|
|
7FF887D40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339897235.00007FF887D40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF887D40000
|
Size: |
8192
|
|
9F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336471313.00000000009F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9F0000
|
Size: |
12288
|
|
DAC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336671495.0000000000DAC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
DAC000
|
Size: |
118784
|
|
CF0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336534884.0000000000CF0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF0000
|
Size: |
12288
|
|
7FF887BEC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2339711702.00007FF887BEC000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF887BEC000
|
Size: |
8192
|
|
E0D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336671495.0000000000E0D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E0D000
|
Size: |
20480
|
|
1BFCE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339345885.000000001BFCE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BFCE000
|
Size: |
8192
|
|
12B88000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338614358.0000000012B88000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12B88000
|
Size: |
28672
|
|
7FF4BC520000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2339456269.00007FF4BC520000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF4BC520000
|
Size: |
4096
|
|
2B70000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2337277820.0000000002B70000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2B70000
|
Size: |
16384
|
|
7FF887C40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339732669.00007FF887C40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF887C40000
|
Size: |
4096
|
|
1B94F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339071712.000000001B94F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B94F000
|
Size: |
4096
|
|
1B545000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338887840.000000001B545000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B545000
|
Size: |
45056
|
|
1B550000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338923782.000000001B550000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B550000
|
Size: |
8192
|
|
CD0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336518516.0000000000CD0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CD0000
|
Size: |
4096
|
|
D70000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336606456.0000000000D70000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
D70000
|
Size: |
4096
|
|
7FF887BA2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339580529.00007FF887BA2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF887BA2000
|
Size: |
45056
|
|
DCF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336671495.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
DCF000
|
Size: |
4096
|
|
1B553000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338923782.000000001B553000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B553000
|
Size: |
12288
|
|
12B81000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2338614358.0000000012B81000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12B81000
|
Size: |
24576
|
|
D50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336577907.0000000000D50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
D50000
|
Size: |
8192
|
|
1BB50000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339160136.000000001BB50000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BB50000
|
Size: |
430080
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
840000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2336404120.0000000000840000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
840000
|
Size: |
4096
|
|
7FF887B94000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339532769.00007FF887B94000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF887B94000
|
Size: |
8192
|
|
1110000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2337125028.0000000001110000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1110000
|
Size: |
4096
|
|
7FF887BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339653346.00007FF887BB0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF887BB0000
|
Size: |
4096
|
|
E13000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336671495.0000000000E13000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E13000
|
Size: |
319488
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
1C2CC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339404167.000000001C2CC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1C2CC000
|
Size: |
16384
|
|
7FF887C76000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2339814683.00007FF887C76000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF887C76000
|
Size: |
4096
|
|
1BBBA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339160136.000000001BBBA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BBBA000
|
Size: |
45056
|
|
E62000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336671495.0000000000E62000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E62000
|
Size: |
4096
|
|
7FF887D30000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2339866780.00007FF887D30000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FF887D30000
|
Size: |
36864
|
|
9F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2336471313.00000000009F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9F5000
|
Size: |
12288
|
|