2501000
|
trusted library allocation
|
page read and write
|
|
|
Name: |
00000001.00000002.3874990132.0000000002501000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2501000
|
Size: |
6709248
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
URLs found in memory or binary data |
Networking |
|
|
1D2000
|
unknown
|
page readonly
|
|
|
Name: |
00000001.00000000.1423823015.00000000001D2000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
1D2000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara signature match |
System Summary |
|
|
7FFB4B252000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3877359592.00007FFB4B252000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B252000
|
Size: |
45056
|
|
1AF63000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876379748.000000001AF63000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1AF63000
|
Size: |
12288
|
|
1B498000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876738859.000000001B498000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B498000
|
Size: |
40960
|
|
7FFB4B2FC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.3877634769.00007FFB4B2FC000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B2FC000
|
Size: |
4096
|
|
632000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.0000000000632000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
632000
|
Size: |
24576
|
|
1250E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876078022.000000001250E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1250E000
|
Size: |
4096
|
|
651000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.0000000000651000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
651000
|
Size: |
4096
|
|
1AF4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876348089.000000001AF4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1AF4E000
|
Size: |
8192
|
|
7FFB4B29C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.3877570656.00007FFB4B29C000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B29C000
|
Size: |
8192
|
|
1B4DD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876738859.000000001B4DD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B4DD000
|
Size: |
8192
|
|
1A888000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876201075.000000001A888000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1A888000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
8192
|
|
1BA8C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3877080046.000000001BA8C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BA8C000
|
Size: |
16384
|
|
7FFB4B244000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3877312343.00007FFB4B244000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B244000
|
Size: |
8192
|
|
7FFB4B2F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3877589269.00007FFB4B2F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B2F0000
|
Size: |
4096
|
|
8F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874683567.00000000008F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8F0000
|
Size: |
4096
|
|
606000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.0000000000606000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
606000
|
Size: |
20480
|
|
1AF60000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876379748.000000001AF60000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1AF60000
|
Size: |
8192
|
|
560000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874131534.0000000000560000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560000
|
Size: |
4096
|
|
1B35C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876645599.000000001B35C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B35C000
|
Size: |
16384
|
|
7FFB4B264000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3877497167.00007FFB4B264000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B264000
|
Size: |
4096
|
|
5C6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.00000000005C6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5C6000
|
Size: |
20480
|
|
1B4D9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876738859.000000001B4D9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B4D9000
|
Size: |
12288
|
|
1B150000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.3876581830.000000001B150000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1B150000
|
Size: |
4096
|
|
24BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874945255.00000000024BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
24BE000
|
Size: |
8192
|
|
1A530000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876158202.000000001A530000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1A530000
|
Size: |
4096
|
|
12508000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876078022.0000000012508000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12508000
|
Size: |
12288
|
|
7FF463020000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.3877213844.00007FF463020000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF463020000
|
Size: |
4096
|
|
24F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874970170.00000000024F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
24F0000
|
Size: |
4096
|
|
1AECA000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876289934.000000001AECA000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1AECA000
|
Size: |
24576
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
7FFB4B360000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B360000
|
Size: |
45056
|
|
940000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874752405.0000000000940000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
940000
|
Size: |
12288
|
|
570000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874151034.0000000000570000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
570000
|
Size: |
4096
|
|
7FFB4B300000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.3877659534.00007FFB4B300000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B300000
|
Size: |
4096
|
|
1B140000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876501480.000000001B140000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B140000
|
Size: |
12288
|
|
7FFB4B250000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3877359592.00007FFB4B250000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B250000
|
Size: |
4096
|
|
12501000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876078022.0000000012501000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12501000
|
Size: |
24576
|
|
5F7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.00000000005F7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F7000
|
Size: |
49152
|
|
890000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874644806.0000000000890000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
890000
|
Size: |
4096
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874850717.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BA5000
|
Size: |
24576
|
|
2350000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874900029.0000000002350000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2350000
|
Size: |
4096
|
|
8D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874664523.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8D0000
|
Size: |
8192
|
|
630000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.0000000000630000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
630000
|
Size: |
4096
|
|
1B4B1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876738859.000000001B4B1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B4B1000
|
Size: |
69632
|
|
1B064000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876439127.000000001B064000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B064000
|
Size: |
49152
|
|
68D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.000000000068D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
68D000
|
Size: |
204800
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
1D0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.3874082186.00000000001D0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
1D0000
|
Size: |
4096
|
|
23B0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.3874921045.00000000023B0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
23B0000
|
Size: |
4096
|
|
7FFB4B3E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3877748364.00007FFB4B3E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B3E0000
|
Size: |
36864
|
|
900000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874710299.0000000000900000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
900000
|
Size: |
8192
|
|
514000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874110202.0000000000514000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
514000
|
Size: |
49152
|
|
1BC8A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3877149254.000000001BC8A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BC8A000
|
Size: |
24576
|
|
1B25E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876615907.000000001B25E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B25E000
|
Size: |
8192
|
|
1BB8C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3877110781.000000001BB8C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BB8C000
|
Size: |
16384
|
|
1BD8C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3877176291.000000001BD8C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BD8C000
|
Size: |
16384
|
|
7FFB4B26D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.3877526927.00007FFB4B26D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B26D000
|
Size: |
4096
|
|
590000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874169320.0000000000590000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
590000
|
Size: |
12288
|
|
1B475000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876738859.000000001B475000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B475000
|
Size: |
139264
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
1B4C3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876738859.000000001B4C3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B4C3000
|
Size: |
12288
|
|
7FFB4B24D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.3877337137.00007FFB4B24D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B24D000
|
Size: |
12288
|
|
7FFB4B25D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.3877414430.00007FFB4B25D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B25D000
|
Size: |
8192
|
|
7FFB4B260000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3877468945.00007FFB4B260000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B260000
|
Size: |
4096
|
|
656000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.0000000000656000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
656000
|
Size: |
204800
|
|
1D0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000001.00000000.1423801703.00000000001D0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
1D0000
|
Size: |
4096
|
|
1B460000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876738859.000000001B460000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B460000
|
Size: |
81920
|
|
BA0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874850717.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BA0000
|
Size: |
12288
|
|
1B4C9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876738859.000000001B4C9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B4C9000
|
Size: |
32768
|
|
1B45F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876716591.000000001B45F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B45F000
|
Size: |
4096
|
|
5CC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.00000000005CC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5CC000
|
Size: |
135168
|
|
A4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874798632.0000000000A4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
A4E000
|
Size: |
8192
|
|
7FFB4B3F1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3877783035.00007FFB4B3F1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B3F1000
|
Size: |
4096
|
|
639000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.0000000000639000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
639000
|
Size: |
77824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
5EE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.00000000005EE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5EE000
|
Size: |
20480
|
|
1B4A4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876738859.000000001B4A4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B4A4000
|
Size: |
49152
|
|
945000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874752405.0000000000945000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
945000
|
Size: |
20480
|
|
7FFB4B243000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.3877260817.00007FFB4B243000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B243000
|
Size: |
4096
|
|
7FFB4B2F6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3877613436.00007FFB4B2F6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B2F6000
|
Size: |
4096
|
|
88D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874623017.000000000088D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
88D000
|
Size: |
12288
|
|
7FFB4B240000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3877236433.00007FFB4B240000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4B240000
|
Size: |
4096
|
|
903000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874710299.0000000000903000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
903000
|
Size: |
53248
|
|
64D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.000000000064D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
64D000
|
Size: |
4096
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874200647.00000000005C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5C0000
|
Size: |
20480
|
|
B4C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3874828457.0000000000B4C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
B4C000
|
Size: |
16384
|
|
1AF0F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876327880.000000001AF0F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1AF0F000
|
Size: |
4096
|
|
7FFB4B326000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.3877687978.00007FFB4B326000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4B326000
|
Size: |
4096
|
|
1AA8C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.3876255092.000000001AA8C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1AA8C000
|
Size: |
16384
|
|