213fce24e326

Remarks

Maximum Dump Size Exceeded (0x0200004A): 900 dumps were skipped because they exceeded the maximum dump size of 7 MB. The largest one was 22 MB.

Maximum Dump Total Size Reached (0x0200005D): 1478 additional dumps with the reason "Content Changed" and a total of 9898 MB were skipped because the respective maximum limit was reached.

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	4.19 MB
MD5	7de3896baf12500f3e1cd311e2340806
SHA1	500b906981aaa4810848643f1d8c17efa87bad20
SHA256	213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e
SSDeep	98304:xmAM03cGX50EXFEACRwiGbJ3hjOQxsaS3XnLUBzEydzEI:xBM03c+0ACRZGNBdONXe5
ImpHash	9a4258c5d218cf6e5c500e8415d5f5ed

File Reputation Information

Verdict	malicious
Names	Mal/Generic-S

PE Information

Image Base	0x400000
Entry Point	0x401000
Size Of Code	0x22000
Size Of Initialized Data	0x2c200
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2021-12-28 19:10:15+00:00
Packer	ASProtect v1.23 RC1

Sections (9)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
-	0x401000	0x22000	0x11400	0x400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	8.0
-	0x423000	0x47c	0x0	0x0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
-	0x424000	0xf000	0x7a00	0x11800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	8.0
-	0x433000	0x2000	0x400	0x19200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.8
-	0x435000	0x26c1d5	0x0	0x0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
-	0x6a2000	0x3fb000	0x3cd400	0x19600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	8.0
.rsrc	0xa9d000	0x1000	0x200	0x3e6a00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	6.96
.yke1AWY	0xa9e000	0x4b000	0x4ac00	0x3e6c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.92
.adata	0xae9000	0x1000	0x0	0x431800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0

Imports (7)

kernel32.dll (3)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcAddress	-	0xa9ec28	0x69ec28	0x3e7828	0x0
GetModuleHandleA	-	0xa9ec2c	0x69ec2c	0x3e782c	0x0
LoadLibraryA	-	0xa9ec30	0x69ec30	0x3e7830	0x0

user32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SendNotifyMessageA	-	0xa9ed64	0x69ed64	0x3e7964	0x0

wtsapi32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
WTSSendMessageW	-	0xa9ed6c	0x69ed6c	0x3e796c	0x0

user32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcessWindowStation	-	0xa9ed74	0x69ed74	0x3e7974	0x0

user32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcessWindowStation	-	0xa9ed7c	0x69ed7c	0x3e797c	0x0

oleaut32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
VariantChangeTypeEx	-	0xa9ed84	0x69ed84	0x3e7984	0x0

kernel32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RaiseException	-	0xa9ed8c	0x69ed8c	0x3e798c	0x0

Memory Dumps (345)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e.exe	1	0x00400000	0x00AE9FFF	First Execution	32-bit	0x00401000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00C60000	0x00CBFFFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	First Execution	32-bit	0x00D1E000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CC1000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00D04DD8	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CC4CB8	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CC3518	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CC2B38	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CC6438	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CCC310	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CCAA70	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CCB05C	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CC9D00	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CC7500	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CCD22C	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CCF3A4	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CD0014	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CD5748	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CD6534	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CD9A6C	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CF24C4	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CE56A8	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CF3540	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CF4000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CF51F4	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CF6F64	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CD7180	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CDACA0	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CDD1F0	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CDB000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CE14C0	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CDE0F8	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CE0978	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CEE0D0	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CEFC0C	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CF00E4	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CED8E8	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CECDC0	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CE6BB4	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CE7878	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CF734C	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CFD2EC	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00D00338	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00D01F70	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CC867C	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00D02040	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CD8CA8	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CD17A4	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CFCF9C	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03690000	0x03690FFF	First Execution	32-bit	0x03690000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x036A0000	0x036A0FFF	First Execution	32-bit	0x036A0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03650000	0x03650FFF	First Execution	32-bit	0x03650000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x036C0000	0x036C0FFF	First Execution	32-bit	0x036C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03680000	0x03680FFF	First Execution	32-bit	0x03680000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03670000	0x03670FFF	First Execution	32-bit	0x03670000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x036D0000	0x036D0FFF	First Execution	32-bit	0x036D0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x036E0000	0x036E0FFF	First Execution	32-bit	0x036E0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037B0000	0x037B0FFF	First Execution	32-bit	0x037B0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03530000	0x03530FFF	First Execution	32-bit	0x03530000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03540000	0x03540FFF	First Execution	32-bit	0x03540000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x034F0000	0x034F0FFF	First Execution	32-bit	0x034F0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03560000	0x03560FFF	First Execution	32-bit	0x03560000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03520000	0x03520FFF	First Execution	32-bit	0x03520000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03510000	0x03510FFF	First Execution	32-bit	0x03510000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03580000	0x03580FFF	First Execution	32-bit	0x03580000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037B0000	0x037B0FFF	First Execution	32-bit	0x037B0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037B0000	0x037B0FFF	First Execution	32-bit	0x037B0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037B0000	0x037B0FFF	First Execution	32-bit	0x037B0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03480000	0x03480FFF	First Execution	32-bit	0x03480000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03490000	0x03490FFF	First Execution	32-bit	0x03490000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03440000	0x03440FFF	First Execution	32-bit	0x03440000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x034B0000	0x034B0FFF	First Execution	32-bit	0x034B0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03470000	0x03470FFF	First Execution	32-bit	0x03470000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03460000	0x03460FFF	First Execution	32-bit	0x03460000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x034C0000	0x034C0FFF	First Execution	32-bit	0x034C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x034D0000	0x034D0FFF	First Execution	32-bit	0x034D0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037B0000	0x037B0FFF	First Execution	32-bit	0x037B0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02AE0000	0x02AE0FFF	First Execution	32-bit	0x02AE0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02AF0000	0x02AF0FFF	First Execution	32-bit	0x02AF0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02AA0000	0x02AA0FFF	First Execution	32-bit	0x02AA0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02B10000	0x02B10FFF	First Execution	32-bit	0x02B10000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02AD0000	0x02AD0FFF	First Execution	32-bit	0x02AD0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02AC0000	0x02AC0FFF	First Execution	32-bit	0x02AC0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02B30000	0x02B30FFF	First Execution	32-bit	0x02B30000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02B00000	0x02B00FFF	First Execution	32-bit	0x02B00000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037D0000	0x037D0FFF	First Execution	32-bit	0x037D0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037C0000	0x037C0FFF	First Execution	32-bit	0x037C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037C0000	0x037C0FFF	First Execution	32-bit	0x037C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037C0000	0x037C0FFF	First Execution	32-bit	0x037C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037C0000	0x037C0FFF	First Execution	32-bit	0x037C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x028C0000	0x028C0FFF	First Execution	32-bit	0x028C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x028D0000	0x028D0FFF	First Execution	32-bit	0x028D0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02880000	0x02880FFF	First Execution	32-bit	0x02880000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x028A0000	0x028A0FFF	First Execution	32-bit	0x028A0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02900000	0x02900FFF	First Execution	32-bit	0x02900000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02920000	0x02920FFF	First Execution	32-bit	0x02920000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037C0000	0x037C0FFF	First Execution	32-bit	0x037C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00D06A38	... Memory Dump Actions Go to Process Download Dump
213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e.exe	1	0x00400000	0x00AE9FFF	Content Changed	32-bit	0x00401014	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037C0000	0x037C0FFF	First Execution	32-bit	0x037C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02A30000	0x02A30FFF	First Execution	32-bit	0x02A30000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02A40000	0x02A40FFF	First Execution	32-bit	0x02A40000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x029F0000	0x029F0FFF	First Execution	32-bit	0x029F0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02A60000	0x02A60FFF	First Execution	32-bit	0x02A60000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02A20000	0x02A20FFF	First Execution	32-bit	0x02A20000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02A10000	0x02A10FFF	First Execution	32-bit	0x02A10000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02A80000	0x02A80FFF	First Execution	32-bit	0x02A80000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CE24F0	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CE4210	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CC0000	0x00D1FFFF	Content Changed	32-bit	0x00CE3F1C	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03270000	0x03270FFF	First Execution	32-bit	0x03270000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03280000	0x03280FFF	First Execution	32-bit	0x03280000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03230000	0x03230FFF	First Execution	32-bit	0x03230000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x032A0000	0x032A0FFF	First Execution	32-bit	0x032A0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03260000	0x03260FFF	First Execution	32-bit	0x03260000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03250000	0x03250FFF	First Execution	32-bit	0x03250000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x032C0000	0x032C0FFF	First Execution	32-bit	0x032C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03290000	0x03290FFF	First Execution	32-bit	0x03290000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037C0000	0x037C0FFF	First Execution	32-bit	0x037C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037C0000	0x037C0FFF	First Execution	32-bit	0x037C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037C0000	0x037C0FFF	First Execution	32-bit	0x037C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037C0000	0x037C0FFF	First Execution	32-bit	0x037C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037C0000	0x037C0FFF	First Execution	32-bit	0x037C0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02870000	0x02870FFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02930000	0x02930FFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x029E0000	0x029E0FFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02A90000	0x02A90FFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02B40000	0x02B40FFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02870000	0x02870FFF	First Execution	32-bit	0x02870000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02B90000	0x02B90FFF	First Execution	32-bit	0x02B90000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02BA0000	0x02BA0FFF	First Execution	32-bit	0x02BA0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02B50000	0x02B50FFF	First Execution	32-bit	0x02B50000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02BC0000	0x02BC0FFF	First Execution	32-bit	0x02BC0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02B80000	0x02B80FFF	First Execution	32-bit	0x02B80000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02B70000	0x02B70FFF	First Execution	32-bit	0x02B70000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02BE0000	0x02BE0FFF	First Execution	32-bit	0x02BE0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02870000	0x02870FFF	First Execution	32-bit	0x02870000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02870000	0x02870FFF	First Execution	32-bit	0x02870000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02BD0000	0x02BD0FFF	First Execution	32-bit	0x02BD0000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02930000	0x02930FFF	First Execution	32-bit	0x02930000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02870000	0x02870FFF	First Execution	32-bit	0x02870000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02870000	0x02870FFF	First Execution	32-bit	0x02870000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x037B0000	0x037B0FFF	First Execution	32-bit	0x037B0000	... Memory Dump Actions Go to Process Download Dump
213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e.exe	1	0x00400000	0x00AE9FFF	Content Changed	32-bit	0x00730935	... Memory Dump Actions Go to Process Download Dump
213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e.exe	1	0x00400000	0x00AE9FFF	Content Changed	32-bit	0x0044B648	... Memory Dump Actions Go to Process Download Dump
213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e.exe	1	0x00400000	0x00AE9FFF	Content Changed	32-bit	0x0044AEF8	... Memory Dump Actions Go to Process Download Dump
213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e.exe	1	0x00400000	0x00AE9FFF	Content Changed	32-bit	0x00452552	... Memory Dump Actions Go to Process Download Dump
213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e.exe	1	0x00400000	0x00AE9FFF	Content Changed	32-bit	0x0044F1D2	... Memory Dump Actions Go to Process Download Dump
213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e.exe	1	0x00400000	0x00AE9FFF	Content Changed	32-bit	0x00451FE9	... Memory Dump Actions Go to Process Download Dump
213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e.exe	1	0x00400000	0x00AE9FFF	Content Changed	32-bit	0x004A87D6	... Memory Dump Actions Go to Process Download Dump
213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e.exe	1	0x00400000	0x00AE9FFF	Content Changed	32-bit	0x005E9523	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x0019F6F0	0x0019FE6D	First Execution	32-bit	0x0019F871	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00B00000	0x00B00FFF	First Execution	32-bit	0x00B00015	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x001F0000	0x001F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00AF0000	0x00AF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00B10000	0x00B10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00B30000	0x00B30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00B40000	0x00B40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00B50000	0x00B50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00B70000	0x00B70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00B80000	0x00B80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00C60000	0x00C60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00C70000	0x00C70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00C80000	0x00C80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00C90000	0x00C90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CA0000	0x00CA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00CB0000	0x00CB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00D20000	0x00D20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02850000	0x02850FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02860000	0x02860FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02890000	0x02890FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x028B0000	0x028B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x028E0000	0x028E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02910000	0x02910FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02940000	0x02940FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02950000	0x02950FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02960000	0x02960FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02970000	0x02970FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02980000	0x02980FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02990000	0x02990FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x029A0000	0x029A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x029B0000	0x029B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x029C0000	0x029C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x029D0000	0x029D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02A00000	0x02A00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02A50000	0x02A50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02A70000	0x02A70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02AB0000	0x02AB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02B20000	0x02B20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02B60000	0x02B60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02BB0000	0x02BB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02BF0000	0x02BF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02C00000	0x02C00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02C10000	0x02C10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02C20000	0x02C20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02C30000	0x02C30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02C40000	0x02C40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02C50000	0x02C50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02C60000	0x02C60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02C70000	0x02C70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02C80000	0x02C80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02C90000	0x02C90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02CA0000	0x02CA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02CB0000	0x02CB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02CC0000	0x02CC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02CD0000	0x02CD0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02CE0000	0x02CE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02CF0000	0x02CF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02D00000	0x02D00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02D10000	0x02D10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02D20000	0x02D20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02D30000	0x02D30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02D40000	0x02D40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02D50000	0x02D50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02D60000	0x02D60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02D70000	0x02D70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02D80000	0x02D80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02D90000	0x02D90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02DA0000	0x02DA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02DB0000	0x02DB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02DC0000	0x02DC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02DD0000	0x02DD0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02DE0000	0x02DE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02DF0000	0x02DF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02E00000	0x02E00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02E10000	0x02E10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02E20000	0x02E20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02E30000	0x02E30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02E40000	0x02E40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02E50000	0x02E50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02E60000	0x02E60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02E70000	0x02E70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02E80000	0x02E80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02E90000	0x02E90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02EA0000	0x02EA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02EB0000	0x02EB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02EC0000	0x02EC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02ED0000	0x02ED0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02EE0000	0x02EE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02EF0000	0x02EF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02F00000	0x02F00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02F10000	0x02F10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02F20000	0x02F20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02F30000	0x02F30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02F40000	0x02F40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02F50000	0x02F50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02F60000	0x02F60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02F70000	0x02F70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02F80000	0x02F80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02F90000	0x02F90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02FA0000	0x02FA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02FB0000	0x02FB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02FC0000	0x02FC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02FD0000	0x02FD0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02FE0000	0x02FE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02FF0000	0x02FF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03000000	0x03000FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03010000	0x03010FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03020000	0x03020FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03030000	0x03030FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03040000	0x03040FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03050000	0x03050FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03060000	0x03060FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03070000	0x03070FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03080000	0x03080FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03090000	0x03090FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x030A0000	0x030A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x030B0000	0x030B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x030C0000	0x030C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x030D0000	0x030D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x030E0000	0x030E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x030F0000	0x030F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03100000	0x03100FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03110000	0x03110FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03120000	0x03120FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03130000	0x03130FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03140000	0x03140FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03150000	0x03150FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03160000	0x03160FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03170000	0x03170FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03180000	0x03180FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03190000	0x03190FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x031A0000	0x031A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x031B0000	0x031B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x031C0000	0x031C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x031D0000	0x031D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x031E0000	0x031E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x031F0000	0x031F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03200000	0x03200FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03210000	0x03210FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03220000	0x03220FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03240000	0x03240FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x032B0000	0x032B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x032D0000	0x032D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x032E0000	0x032E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x032F0000	0x032F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03300000	0x03300FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03310000	0x03310FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03320000	0x03320FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03330000	0x03330FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03340000	0x03340FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03350000	0x03350FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03360000	0x03360FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03370000	0x03370FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03380000	0x03380FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03390000	0x03390FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x033A0000	0x033A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x033B0000	0x033B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x033C0000	0x033C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x033D0000	0x033D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x033E0000	0x033E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x033F0000	0x033F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03400000	0x03400FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03410000	0x03410FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03420000	0x03420FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03430000	0x03430FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03450000	0x03450FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x034A0000	0x034A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x034E0000	0x034E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03500000	0x03500FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03550000	0x03550FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03570000	0x03570FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03590000	0x03590FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x035A0000	0x035A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x035B0000	0x035B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x035C0000	0x035C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x035D0000	0x035D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x035E0000	0x035E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x035F0000	0x035F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03600000	0x03600FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03610000	0x03610FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03620000	0x03620FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03630000	0x03630FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03640000	0x03640FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03660000	0x03660FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x036B0000	0x036B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x036F0000	0x036F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03700000	0x03700FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03710000	0x03710FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03720000	0x03720FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03730000	0x03730FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03740000	0x03740FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03750000	0x03750FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x03760000	0x03760FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e.exe	1	0x00400000	0x00AE9FFF	Process Termination	32-bit	-	... Memory Dump Actions Go to Process Download Dump

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\build.exe

Dropped File

Binary

Also Known As	C:\Users\RDhJ0CNFevzX\AppData\Roaming\Microsoft\RegHost.exe (Dropped File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	8.09 MB
MD5	497f94e90dab4b110e319e736bf0c0cb
SHA1	bfc844ce52ed4d82744cf4f61f3af9a9a9795db9
SHA256	c791924544847b19870bd1d9bab29573058de6b1510c5100b9ce4a44676411e5
SSDeep	196608:K3pK9t/+IkfC2lzMN++VWc7dCO2IhNasyqMEc:YKH+NLy9VWc7dP2IhNSq
ImpHash	9dc580b98fdc55e0bc3b6c6f01e8c0c2

File Reputation Information

Verdict	malicious
Names	Mal/Generic-S

PE Information

Image Base	0x140000000
Entry Point	0x1416ac474
Size Of Code	0x33c00
Size Of Initialized Data	0x83c200
File Type	FileType.executable
Subsystem	Subsystem.windows_cui
Machine Type	MachineType.amd64
Compile Timestamp	2021-12-24 21:08:24+00:00

Sections (8)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
-	0x140001000	0x34000	0x14200	0x400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	8.0
-	0x140035000	0x13000	0x7c00	0x14600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.99
-	0x140048000	0x826000	0x4f7c00	0x1c200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	8.0
-	0x14086e000	0x3000	0x0	0x513e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
-	0x140871000	0x1000	0x200	0x513e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	2.55
-	0x140872000	0x1000	0x600	0x514000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.86
-	0x140873000	0xb7c000	0x44000	0x514600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	8.0
-	0x1413ef000	0x2bf000	0x2bee00	0x558600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.96

Imports (8)

kernel32.dll (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetModuleHandleA	-	0x1413f2dc4	0x13f2dc4	0x55c3c4	0x0
GetProcAddress	-	0x1413f2dcc	0x13f2dcc	0x55c3cc	0x0
ExitProcess	-	0x1413f2dd4	0x13f2dd4	0x55c3d4	0x0
LoadLibraryA	-	0x1413f2ddc	0x13f2ddc	0x55c3dc	0x0

user32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
MessageBoxA	-	0x1413f2dec	0x13f2dec	0x55c3ec	0x0

advapi32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegCloseKey	-	0x1413f2dfc	0x13f2dfc	0x55c3fc	0x0

oleaut32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SysFreeString	-	0x1413f2e0c	0x13f2e0c	0x55c40c	0x0

gdi32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CreateFontA	-	0x1413f2e1c	0x13f2e1c	0x55c41c	0x0

shell32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ShellExecuteA	-	0x1413f2e2c	0x13f2e2c	0x55c42c	0x0

version.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetFileVersionInfoA	-	0x1413f2e3c	0x13f2e3c	0x55c43c	0x0

ole32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
OleInitialize	-	0x1413f2e4c	0x13f2e4c	0x55c44c	0x0

Memory Dumps (62)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
buffer	6	0x7FF5FFAF0000	0x7FF5FFEC0FFF	First Execution	64-bit	0x7FF5FFAF0040	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00907630	0x0090772F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00907BA0	0x00908E41	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00908E50	0x00910E4F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00910E60	0x00918E5F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00919580	0x00919697	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x0091AE80	0x00922E7F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00922E90	0x00962E8F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00962EA0	0x0096AE9F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x0096AEB0	0x009AAEAF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x009AAEC0	0x009B2EBF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x009B2ED0	0x009F2ECF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x009F2EE0	0x00A32EDF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00A32EF0	0x00A3AEEF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00A3AF00	0x00A42EFF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00A42F10	0x00A4AF0F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00A4AF20	0x00A52F1F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00A52F30	0x00A5AF2F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00A5AF40	0x00A62F3F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00A62F50	0x00AA2F4F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00AA2F60	0x00AAAF5F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00AAAF70	0x00AB2F6F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00AB2F80	0x00ABAF7F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00ABAF90	0x00AC2F8F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00AC2FA0	0x00ACAF9F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00ACAFB0	0x00AD2FAF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00AD2FC0	0x00ADAFBF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00ADAFD0	0x00AE2FCF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00AE6A80	0x00AE6BD7	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x02410080	0x0245007F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x02450090	0x0249008F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x024900A0	0x024D009F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x024D00B0	0x024D1378	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x024D2BB0	0x024DABAF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x024DABC0	0x024E2BBF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x024E2BD0	0x024EABCF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x024EABE0	0x024F2BDF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x024F2BF0	0x024FABEF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x02500FD0	0x02508FCF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x02509E80	0x0250B148	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x0250BE60	0x0250CE5F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x0250DE80	0x0250E07F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x027E0080	0x0282007F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x02821F60	0x02829F5F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x02829F70	0x02831F6F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x02831F80	0x02871F7F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x02871F90	0x028B1F8F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x028B4590	0x028BC58F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x028BC9C0	0x028BCD87	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x028BCD90	0x028BDF8F	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x028BDFA0	0x028BE1C7	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x7FF5FFAF0000	0x7FF5FFEC0FFF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x7FFD4E270000	0x7FFD4E27FFFF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00170000	0x00170FFF	Process Termination	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x008C0000	0x008C0FFF	Process Termination	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x008D0000	0x008D0FFF	Process Termination	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00ADAFD0	0x00AE2FCF	Process Termination	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x00AE6F00	0x00AE7EFF	Process Termination	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x024D00B0	0x024D1378	Process Termination	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x028BCD90	0x028BDF8F	Process Termination	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x028BDFA0	0x028BE1C7	Process Termination	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	6	0x029E0000	0x02C47FFF	Process Termination	64-bit	-	... Memory Dump Actions Go to Process Download Dump

c:\output

Dropped File

Unknown

MIME Type	-
File Size	-
MD5	-
SHA1	-
SHA256	-
SSDeep	-
ImpHash	-

Remarks (1/1)

Remarks

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

WHOIS Domain Information

Before

After