AB2000
|
unkown
|
page readonly
|
malicious |
|
|
Name: |
00000000.00000000.1603844841.0000000000AB2000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
AB2000
|
Size: |
61440
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
Yara signature match |
System Summary |
|
|
2F81000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000000.00000002.2670364525.0000000002F81000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2F81000
|
Size: |
5931008
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
URLs found in memory or binary data |
Networking |
|
|
1B8E3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671477509.000000001B8E3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B8E3000
|
Size: |
12288
|
|
1AFB0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671403561.000000001AFB0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1AFB0000
|
Size: |
4096
|
|
1B9E4000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671518601.000000001B9E4000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B9E4000
|
Size: |
49152
|
|
1C69C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671875377.000000001C69C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1C69C000
|
Size: |
16384
|
|
1BBAE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671562176.000000001BBAE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BBAE000
|
Size: |
8192
|
|
2DE3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2670273394.0000000002DE3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DE3000
|
Size: |
4096
|
|
AB0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2669577335.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
AB0000
|
Size: |
4096
|
|
1002000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669850759.0000000001002000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1002000
|
Size: |
249856
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
7FFB4AD16000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2672122346.00007FFB4AD16000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4AD16000
|
Size: |
4096
|
|
F40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669850759.0000000000F40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F40000
|
Size: |
20480
|
|
7FFB4AC84000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2672055413.00007FFB4AC84000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4AC84000
|
Size: |
4096
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669647227.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BA5000
|
Size: |
24576
|
|
7FFB4AC60000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671911382.00007FFB4AC60000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4AC60000
|
Size: |
4096
|
|
FFF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669850759.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FFF000
|
Size: |
4096
|
|
1BDB8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671616662.000000001BDB8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BDB8000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
F6B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669850759.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F6B000
|
Size: |
77824
|
|
FB0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669850759.0000000000FB0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FB0000
|
Size: |
12288
|
|
2F70000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2670348527.0000000002F70000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2F70000
|
Size: |
4096
|
|
12F81000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671334681.0000000012F81000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12F81000
|
Size: |
24576
|
|
7FFB4AD1C000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2672138662.00007FFB4AD1C000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4AD1C000
|
Size: |
4096
|
|
7FFB4AE20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2672256798.00007FFB4AE20000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4AE20000
|
Size: |
4096
|
|
7FFB4AD20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2672155280.00007FFB4AD20000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4AD20000
|
Size: |
4096
|
|
1BCAF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671580719.000000001BCAF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BCAF000
|
Size: |
4096
|
|
7FFB4AE02000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2672214036.00007FFB4AE02000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4AE02000
|
Size: |
36864
|
|
1BDBE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671616662.000000001BDBE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BDBE000
|
Size: |
188416
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
7FFB4AD46000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2672171302.00007FFB4AD46000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4AD46000
|
Size: |
4096
|
|
7FFB4ACBC000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2672088423.00007FFB4ACBC000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4ACBC000
|
Size: |
8192
|
|
7FFB4AC64000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671943674.00007FFB4AC64000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4AC64000
|
Size: |
8192
|
|
EF4000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669728230.0000000000EF4000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
EF4000
|
Size: |
49152
|
|
1BDF8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671616662.000000001BDF8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BDF8000
|
Size: |
65536
|
|
7FFB4AE11000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2672238811.00007FFB4AE11000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4AE11000
|
Size: |
4096
|
|
BA0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669647227.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BA0000
|
Size: |
12288
|
|
12F88000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671334681.0000000012F88000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12F88000
|
Size: |
12288
|
|
7FFB4AD10000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2672105782.00007FFB4AD10000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4AD10000
|
Size: |
4096
|
|
7FFB4AC63000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2671927432.00007FFB4AC63000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4AC63000
|
Size: |
4096
|
|
12D5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2670195585.00000000012D5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12D5000
|
Size: |
20480
|
|
12F8E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671334681.0000000012F8E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
12F8E000
|
Size: |
4096
|
|
352A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2670364525.000000000352A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
352A000
|
Size: |
638976
|
|
2DD0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2670258166.0000000002DD0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DD0000
|
Size: |
16384
|
|
F83000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669850759.0000000000F83000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F83000
|
Size: |
24576
|
|
2F60000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2670333330.0000000002F60000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2F60000
|
Size: |
12288
|
|
1BE1A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671616662.000000001BE1A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BE1A000
|
Size: |
4096
|
|
7FFB4AC70000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671980762.00007FFB4AC70000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4AC70000
|
Size: |
4096
|
|
1C39A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671832182.000000001C39A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1C39A000
|
Size: |
24576
|
|
F33000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669799926.0000000000F33000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
F33000
|
Size: |
53248
|
|
1B839000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671456563.000000001B839000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B839000
|
Size: |
28672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
F20000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669767874.0000000000F20000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
F20000
|
Size: |
4096
|
|
1C29D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671812330.000000001C29D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1C29D000
|
Size: |
12288
|
|
1B3FC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671435580.000000001B3FC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1B3FC000
|
Size: |
16384
|
|
B50000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669598457.0000000000B50000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B50000
|
Size: |
4096
|
|
7FFB4AC6D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2671962379.00007FFB4AC6D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4AC6D000
|
Size: |
12288
|
|
2DBF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2670243344.0000000002DBF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2DBF000
|
Size: |
4096
|
|
1BAA0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2671544358.000000001BAA0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1BAA0000
|
Size: |
4096
|
|
AB0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1603825082.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
AB0000
|
Size: |
4096
|
|
F80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669850759.0000000000F80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F80000
|
Size: |
4096
|
|
1BDAE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671597929.000000001BDAE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BDAE000
|
Size: |
8192
|
|
FAE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669850759.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FAE000
|
Size: |
4096
|
|
BB0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669676849.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BB0000
|
Size: |
4096
|
|
7FFB4AD80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2672187504.00007FFB4AD80000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4AD80000
|
Size: |
49152
|
|
F4C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669850759.0000000000F4C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F4C000
|
Size: |
73728
|
|
1BE1E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671616662.000000001BE1E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BE1E000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
1B8E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671477509.000000001B8E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1B8E0000
|
Size: |
8192
|
|
2D7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2670228742.0000000002D7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D7E000
|
Size: |
8192
|
|
F46000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669850759.0000000000F46000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F46000
|
Size: |
20480
|
|
120C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2670165494.000000000120C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
120C000
|
Size: |
16384
|
|
F30000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669799926.0000000000F30000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
F30000
|
Size: |
8192
|
|
F00000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669749710.0000000000F00000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
F00000
|
Size: |
8192
|
|
7FFB4AC8D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2672072462.00007FFB4AC8D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4AC8D000
|
Size: |
4096
|
|
7FFB4AC80000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2672039190.00007FFB4AC80000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4AC80000
|
Size: |
4096
|
|
1BDB0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671616662.000000001BDB0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BDB0000
|
Size: |
28672
|
|
FB4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669850759.0000000000FB4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FB4000
|
Size: |
294912
|
|
2F2E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2670313982.0000000002F2E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F2E000
|
Size: |
8192
|
|
B80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669631985.0000000000B80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B80000
|
Size: |
12288
|
|
7FFB4AC73000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671996970.00007FFB4AC73000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7FFB4AC73000
|
Size: |
40960
|
|
F5F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669850759.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F5F000
|
Size: |
45056
|
|
1C49C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671853727.000000001C49C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1C49C000
|
Size: |
16384
|
|
1BDED000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2671616662.000000001BDED000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1BDED000
|
Size: |
40960
|
|
12D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2670195585.00000000012D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12D0000
|
Size: |
12288
|
|
B60000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2669617614.0000000000B60000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B60000
|
Size: |
4096
|
|
7FFB4AC7D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2672021115.00007FFB4AC7D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FFB4AC7D000
|
Size: |
8192
|
|
1280000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2670181619.0000000001280000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1280000
|
Size: |
4096
|
|
7FF4E2580000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2671894500.00007FF4E2580000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FF4E2580000
|
Size: |
4096
|
|