Memory dumps of the analysed process (all dumps belong to TargetID 0). Sizes are in bytes; the Verdict column carries the report's "malicious" flag where one was shown; behavior group and, where given, MITRE ATT&CK technique follow each signature hit in brackets.

| Base address | Region type | Protect | Verdict | Dump stage | Size (bytes) | Dump name | Signature hits [behavior group; MITRE ATT&CK] |
|---|---|---|---|---|---|---|---|
| 2B61000 | trusted library allocation | page read and write | malicious | process exit | 286720 | 00000000.00000002.4760685747.0000000002B61000.00000004.00000800.00020000.00000000.sdmp | (1) Yara detected XWorm [Stealing of Sensitive Information, Remote Access Functionality] (2) URLs found in memory or binary data [Networking] |
| 922000 | unknown | page readonly | malicious | process new | 61440 | 00000000.00000000.2313202746.0000000000922000.00000002.00000001.01000000.00000003.sdmp | (1) Yara detected XWorm [Stealing of Sensitive Information, Remote Access Functionality] (2) Sample file is different than original file name gathered from version info [System Summary] (3) Yara signature match [System Summary] |
| 7FFD3415D000 | trusted library allocation | page execute and read and write | | process exit | 12288 | 00000000.00000002.4765386624.00007FFD3415D000.00000040.00000800.00020000.00000000.sdmp | |
| 2F09000 | trusted library allocation | page read and write | | process exit | 356352 | 00000000.00000002.4760685747.0000000002F09000.00000004.00000800.00020000.00000000.sdmp | (1) May try to detect the Windows Explorer process (often used for injection) [HIPS / PFW / Operating System Protection Evasion] |
| 1BA80000 | heap | page read and write | | process exit | 12288 | 00000000.00000002.4764477546.000000001BA80000.00000004.00000020.00020000.00000000.sdmp | |
| 1AEE0000 | heap | page read and write | | process exit | 4096 | 00000000.00000002.4763898578.000000001AEE0000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFD34160000 | trusted library allocation | page read and write | | process exit | 4096 | 00000000.00000002.4765414887.00007FFD34160000.00000004.00000800.00020000.00000000.sdmp | |
| 1060000 | trusted library allocation | page read and write | | process exit | 8192 | 00000000.00000002.4758649983.0000000001060000.00000004.00000800.00020000.00000000.sdmp | |
| 1B573000 | heap | page read and write | | process exit | 12288 | 00000000.00000002.4764148813.000000001B573000.00000004.00000020.00020000.00000000.sdmp | |
| 2ADE000 | stack | page read and write | | process exit | 8192 | 00000000.00000002.4759911810.0000000002ADE000.00000004.00000010.00020000.00000000.sdmp | |
| 1BA57000 | heap | page read and write | | process exit | 49152 | 00000000.00000002.4764477546.000000001BA57000.00000004.00000020.00020000.00000000.sdmp | |
| D81000 | heap | page read and write | | process exit | 4096 | 00000000.00000002.4757692302.0000000000D81000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFD3417D000 | trusted library allocation | page execute and read and write | | process exit | 4096 | 00000000.00000002.4765609531.00007FFD3417D000.00000040.00000800.00020000.00000000.sdmp | |
| 9C0000 | heap | page read and write | | process exit | 4096 | 00000000.00000002.4757591184.00000000009C0000.00000004.00000020.00040000.00000000.sdmp | |
| 12B6E000 | trusted library allocation | page read and write | | process exit | 4096 | 00000000.00000002.4763680021.0000000012B6E000.00000004.00000800.00020000.00000000.sdmp | |
| 920000 | unknown | page readonly | | process new | 4096 | 00000000.00000000.2313148404.0000000000920000.00000002.00000001.01000000.00000003.sdmp | |
| 2B50000 | heap | page read and write | | process exit | 4096 | 00000000.00000002.4760543442.0000000002B50000.00000004.00000020.00020000.00000000.sdmp | |
| 1BA20000 | heap | page read and write | | process exit | 20480 | 00000000.00000002.4764477546.000000001BA20000.00000004.00000020.00020000.00000000.sdmp | |
| 1C1CA000 | stack | page read and write | | process exit | 24576 | 00000000.00000002.4765155734.000000001C1CA000.00000004.00000010.00020000.00000000.sdmp | |
| 7FFD34270000 | trusted library allocation | page execute and read and write | | process exit | 49152 | 00000000.00000002.4765770132.00007FFD34270000.00000040.00000800.00020000.00000000.sdmp | |
| DFF000 | heap | page read and write | | process exit | 4096 | 00000000.00000002.4757692302.0000000000DFF000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFD3420C000 | trusted library allocation | page execute and read and write | | process exit | 4096 | 00000000.00000002.4765705381.00007FFD3420C000.00000040.00000800.00020000.00000000.sdmp | |
| 1063000 | trusted library allocation | page read and write | | process exit | 53248 | 00000000.00000002.4758649983.0000000001063000.00000004.00000800.00020000.00000000.sdmp | |
| 1B81E000 | stack | page read and write | | process exit | 8192 | 00000000.00000002.4764364090.000000001B81E000.00000004.00000010.00020000.00000000.sdmp | |
| 1B570000 | heap | page read and write | | process exit | 8192 | 00000000.00000002.4764148813.000000001B570000.00000004.00000020.00020000.00000000.sdmp | |
| 1B710000 | heap | page execute and read and write | | process exit | 4096 | 00000000.00000002.4764299210.000000001B710000.00000040.00000020.00020000.00000000.sdmp | |
| E03000 | heap | page read and write | | process exit | 245760 | 00000000.00000002.4757692302.0000000000E03000.00000004.00000020.00020000.00000000.sdmp | (1) AV process strings found (often used to terminate AV products) [Lowering of HIPS / PFW / Operating System Security Settings; Security Software Discovery] (2) May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) [Malware Analysis System Evasion; Security Software Discovery] |
| CF4000 | stack | page read and write | | process exit | 49152 | 00000000.00000002.4757630014.0000000000CF4000.00000004.00000010.00020000.00000000.sdmp | |
| 12B68000 | trusted library allocation | page read and write | | process exit | 12288 | 00000000.00000002.4763680021.0000000012B68000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFD34170000 | trusted library allocation | page read and write | | process exit | 4096 | 00000000.00000002.4765560566.00007FFD34170000.00000004.00000800.00020000.00000000.sdmp | |
| 1BA65000 | heap | page read and write | | process exit | 16384 | 00000000.00000002.4764477546.000000001BA65000.00000004.00000020.00020000.00000000.sdmp | |
| 11F0000 | heap | page read and write | | process exit | 4096 | 00000000.00000002.4759254353.00000000011F0000.00000004.00000020.00020000.00000000.sdmp | |
| 2BA8000 | trusted library allocation | page read and write | | process exit | 323584 | 00000000.00000002.4760685747.0000000002BA8000.00000004.00000800.00020000.00000000.sdmp | |
| 100C000 | stack | page read and write | | process exit | 16384 | 00000000.00000002.4758372635.000000000100C000.00000004.00000010.00020000.00000000.sdmp | |
| 1BA6B000 | heap | page read and write | | process exit | 73728 | 00000000.00000002.4764477546.000000001BA6B000.00000004.00000020.00020000.00000000.sdmp | |
| 10D5000 | heap | page read and write | | process exit | 20480 | 00000000.00000002.4758949705.00000000010D5000.00000004.00000020.00020000.00000000.sdmp | |
| 2BF8000 | trusted library allocation | page read and write | | process exit | 3207168 | 00000000.00000002.4760685747.0000000002BF8000.00000004.00000800.00020000.00000000.sdmp | |
| 1BA26000 | heap | page read and write | | process exit | 24576 | 00000000.00000002.4764477546.000000001BA26000.00000004.00000020.00020000.00000000.sdmp | |
| 1BA1D000 | stack | page read and write | | process exit | 12288 | 00000000.00000002.4764451778.000000001BA1D000.00000004.00000010.00020000.00000000.sdmp | |
| D40000 | heap | page read and write | | process exit | 20480 | 00000000.00000002.4757692302.0000000000D40000.00000004.00000020.00020000.00000000.sdmp | |
| 1B674000 | stack | page read and write | | process exit | 49152 | 00000000.00000002.4764225983.000000001B674000.00000004.00000010.00020000.00000000.sdmp | |
| D20000 | heap | page read and write | | process exit | 4096 | 00000000.00000002.4757670185.0000000000D20000.00000004.00000020.00020000.00000000.sdmp | |
| D00000 | heap | page read and write | | process exit | 12288 | 00000000.00000002.4757650923.0000000000D00000.00000004.00000020.00020000.00000000.sdmp | |
| 1BECC000 | stack | page read and write | | process exit | 16384 | 00000000.00000002.4765009194.000000001BECC000.00000004.00000010.00020000.00000000.sdmp | |
| 1C0CC000 | stack | page read and write | | process exit | 16384 | 00000000.00000002.4765104849.000000001C0CC000.00000004.00000010.00020000.00000000.sdmp | |
| 1C2CC000 | stack | page read and write | | process exit | 16384 | 00000000.00000002.4765188567.000000001C2CC000.00000004.00000010.00020000.00000000.sdmp | |
| 7FFD34153000 | trusted library allocation | page execute and read and write | | process exit | 4096 | 00000000.00000002.4765325247.00007FFD34153000.00000040.00000800.00020000.00000000.sdmp | |
| 1AB90000 | trusted library allocation | page read and write | | process exit | 4096 | 00000000.00000002.4763824132.000000001AB90000.00000004.00000800.00020000.00000000.sdmp | |
| 1235000 | heap | page read and write | | process exit | 24576 | 00000000.00000002.4759344749.0000000001235000.00000004.00000020.00020000.00000000.sdmp | |
| 12B61000 | trusted library allocation | page read and write | | process exit | 24576 | 00000000.00000002.4763680021.0000000012B61000.00000004.00000800.00020000.00000000.sdmp | |
| DC7000 | heap | page read and write | | process exit | 225280 | 00000000.00000002.4757692302.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFD34210000 | trusted library allocation | page execute and read and write | | process exit | 4096 | 00000000.00000002.4765728650.00007FFD34210000.00000040.00000800.00020000.00000000.sdmp | |
| 1BFCF000 | stack | page read and write | | process exit | 4096 | 00000000.00000002.4765080349.000000001BFCF000.00000004.00000010.00020000.00000000.sdmp | |
| D83000 | heap | page read and write | | process exit | 20480 | 00000000.00000002.4757692302.0000000000D83000.00000004.00000020.00020000.00000000.sdmp | |
| 1230000 | heap | page read and write | | process exit | 12288 | 00000000.00000002.4759344749.0000000001230000.00000004.00000020.00020000.00000000.sdmp | |
| 920000 | unknown | page readonly | | process exit | 4096 | 00000000.00000002.4757565285.0000000000920000.00000002.00000001.01000000.00000003.sdmp | |
| 7FFD3416D000 | trusted library allocation | page execute and read and write | | process exit | 8192 | 00000000.00000002.4765525875.00007FFD3416D000.00000040.00000800.00020000.00000000.sdmp | |
| 1BA31000 | heap | page read and write | | process exit | 151552 | 00000000.00000002.4764477546.000000001BA31000.00000004.00000020.00020000.00000000.sdmp | |
| 1B52A000 | stack | page read and write | | process exit | 24576 | 00000000.00000002.4764004591.000000001B52A000.00000004.00000010.00020000.00000000.sdmp | |
| 2B3F000 | stack | page read and write | | process exit | 4096 | 00000000.00000002.4760384436.0000000002B3F000.00000004.00000010.00020000.00000000.sdmp | |
| 1BBD0000 | heap | page read and write | | process exit | 12288 | 00000000.00000002.4764978119.000000001BBD0000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFD34301000 | trusted library allocation | page read and write | | process exit | 4096 | 00000000.00000002.4765825255.00007FFD34301000.00000004.00000800.00020000.00000000.sdmp | |
| 10D0000 | heap | page read and write | | process exit | 12288 | 00000000.00000002.4758949705.00000000010D0000.00000004.00000020.00020000.00000000.sdmp | |
| 11DF000 | stack | page read and write | | process exit | 4096 | 00000000.00000002.4759161489.00000000011DF000.00000004.00000010.00020000.00000000.sdmp | |
| 7FFD34236000 | trusted library allocation | page execute and read and write | | process exit | 4096 | 00000000.00000002.4765749189.00007FFD34236000.00000040.00000800.00020000.00000000.sdmp | |
| 7FF49E990000 | trusted library allocation | page execute and read and write | | process exit | 4096 | 00000000.00000002.4765233992.00007FF49E990000.00000040.00000800.00020000.00000000.sdmp | |
| D46000 | heap | page read and write | | process exit | 20480 | 00000000.00000002.4757692302.0000000000D46000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFD34174000 | trusted library allocation | page read and write | | process exit | 4096 | 00000000.00000002.4765583688.00007FFD34174000.00000004.00000800.00020000.00000000.sdmp | |
| 2AE0000 | heap | page execute and read and write | | process exit | 4096 | 00000000.00000002.4760103959.0000000002AE0000.00000040.00000020.00020000.00000000.sdmp | |
| 7FFD341AC000 | trusted library allocation | page execute and read and write | | process exit | 8192 | 00000000.00000002.4765633563.00007FFD341AC000.00000040.00000800.00020000.00000000.sdmp | |
| 7FFD34200000 | trusted library allocation | page read and write | | process exit | 4096 | 00000000.00000002.4765663572.00007FFD34200000.00000004.00000800.00020000.00000000.sdmp | |
| 1B56E000 | stack | page read and write | | process exit | 8192 | 00000000.00000002.4764071240.000000001B56E000.00000004.00000010.00020000.00000000.sdmp | |
| D4C000 | heap | page read and write | | process exit | 118784 | 00000000.00000002.4757692302.0000000000D4C000.00000004.00000020.00020000.00000000.sdmp | |
| 7FFD34150000 | trusted library allocation | page read and write | | process exit | 4096 | 00000000.00000002.4765295012.00007FFD34150000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFD34154000 | trusted library allocation | page read and write | | process exit | 8192 | 00000000.00000002.4765346902.00007FFD34154000.00000004.00000800.00020000.00000000.sdmp | |
| 1050000 | trusted library allocation | page read and write | | process exit | 4096 | 00000000.00000002.4758523071.0000000001050000.00000004.00000800.00020000.00000000.sdmp | |
| 2F63000 | trusted library allocation | page read and write | | process exit | 2502656 | 00000000.00000002.4760685747.0000000002F63000.00000004.00000800.00020000.00000000.sdmp | (1) May try to detect the Windows Explorer process (often used for injection) [HIPS / PFW / Operating System Protection Evasion] |
| 7FFD34206000 | trusted library allocation | page read and write | | process exit | 4096 | 00000000.00000002.4765682649.00007FFD34206000.00000004.00000800.00020000.00000000.sdmp | |
| 1BA2D000 | heap | page read and write | | process exit | 12288 | 00000000.00000002.4764477546.000000001BA2D000.00000004.00000020.00020000.00000000.sdmp | |
| DAD000 | heap | page read and write | | process exit | 102400 | 00000000.00000002.4757692302.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp | |
| 1B91D000 | stack | page read and write | | process exit | 12288 | 00000000.00000002.4764417029.000000001B91D000.00000004.00000010.00020000.00000000.sdmp | |
| 1030000 | trusted library allocation | page read and write | | process exit | 8192 | 00000000.00000002.4758411738.0000000001030000.00000004.00000800.00020000.00000000.sdmp | |
| 7FFD342F2000 | trusted library allocation | page read and write | | process exit | 36864 | 00000000.00000002.4765797342.00007FFD342F2000.00000004.00000800.00020000.00000000.sdmp | |
| D6A000 | heap | page read and write | | process exit | 90112 | 00000000.00000002.4757692302.0000000000D6A000.00000004.00000020.00020000.00000000.sdmp | |
| 9D0000 | heap | page read and write | | process exit | 4096 | 00000000.00000002.4757611701.00000000009D0000.00000004.00000020.00020000.00000000.sdmp | |
| 1B0ED000 | stack | page read and write | | process exit | 12288 | 00000000.00000002.4763969443.000000001B0ED000.00000004.00000010.00020000.00000000.sdmp | |
| 7FFD34163000 | trusted library allocation | page read and write | | process exit | 40960 | 00000000.00000002.4765454525.00007FFD34163000.00000004.00000800.00020000.00000000.sdmp | |